ProFTPD Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in ProFTPD version 1.3.7a. This vulnerability allows attackers to overwhelm the FTP server by establishing multiple simultaneous connections. By using threading to create these connections, attackers can exhaust the server's connection limits, effectively blocking access for legitimate users.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where legitimate users are unable to connect to the FTP server due to the exhaustion of available connections.

Reproduction

The vulnerability can be reproduced with a script that automates opening multiple FTP connections to the server. The script takes the target server's IP address, the FTP port (default is 21), and the maximum number of connections to establish (default is 50). It then opens the specified number of connections, which can disrupt normal user access to the server.
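A defender-side check for the condition described above, as an added example that is not part of the original advisory: it computes peak concurrent sessions per source address from connection open/close events and flags sources holding a large share of the server's slots. The event tuple layout, the sample addresses, and the `per_host_limit` and `server_limit` thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (unix_time, source_ip, action). The tuple layout is
# an assumption for this example; map FTP server or firewall logs onto it.
def build_sample():
    events = [(100, "192.0.2.10", "open"), (130, "192.0.2.10", "close"),
              (200, "192.0.2.10", "open"), (260, "192.0.2.10", "close")]
    # One source opens 50 connections in the same second and never closes them.
    events += [(300, "198.51.100.7", "open")] * 50
    # A legitimate client arrives while those connections are still held.
    events += [(305, "192.0.2.20", "open"), (320, "192.0.2.20", "close")]
    return events

def peak_sessions(events):
    """Return ({source_ip: peak concurrent sessions}, server-wide peak)."""
    live, peak = defaultdict(int), defaultdict(int)
    total = total_peak = 0
    # At equal timestamps process closes first so a reconnect is not double-counted.
    for _, ip, action in sorted(events, key=lambda e: (e[0], e[2] == "open")):
        if action == "open":
            live[ip] += 1
            total += 1
        elif action == "close" and live[ip] > 0:  # ignore unmatched closes
            live[ip] -= 1
            total -= 1
        peak[ip] = max(peak[ip], live[ip])
        total_peak = max(total_peak, total)
    return dict(peak), total_peak

def flag_sources(events, per_host_limit=10, server_limit=50):
    """Flag sources above per_host_limit; both limits are assumed values."""
    peaks, total_peak = peak_sessions(events)
    flagged = [(ip, n, round(n / server_limit, 2))
               for ip, n in sorted(peaks.items(), key=lambda kv: -kv[1])
               if n > per_host_limit]
    # Second value: did total demand reach the server-wide connection cap?
    return flagged, total_peak >= server_limit

if __name__ == "__main__":
    flagged, saturated = flag_sources(build_sample())
    for ip, n, share in flagged:
        print(f"{ip}: peak {n} sessions, {share:.0%} of server limit")
    print("server limit reached:", saturated)
```

Set `server_limit` to the connection cap actually configured on the server, and `per_host_limit` to what a single legitimate client is expected to need.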

Added: Jan 21, 2026, 7:14 PM
Updated: Jan 21, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.