CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:04

Type Values Removed Values Added
References
  • {'url': 'http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191', 'name': '975191', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MSKB'}
  • () http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191 -

Information

Published : 2009-09-04 10:30

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2521

Mitre link : CVE-2009-2521

CVE.ORG link : CVE-2009-2521


JSON object : View

Products Affected

microsoft

  • internet_information_services
CWE
CWE-400

Uncontrolled Resource Consumption