CVE-2017-6367

Published: Mar 14, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.

Affected (1)

Products: Cerberusftp: Ftp Server

Cerberusftp

1 product

Ftp Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cerberusftp Ftp Server	Version 8.0.10.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/96887

Source: cve@mitre.org

https://www.exploit-db.com/exploits/41596/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/96887

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/41596/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.