What is the severity of CVE-2007-3768?

CVE-2007-3768 is classified as a denial of service vulnerability that can cause a restart of the affected system.

How do I fix CVE-2007-3768?

To fix CVE-2007-3768, it is recommended to upgrade to a newer version of SurgeFTP that does not have this vulnerability.

Which versions of SurgeFTP are affected by CVE-2007-3768?

SurgeFTP version 2.3a1 and earlier are affected by CVE-2007-3768.

What type of attack does CVE-2007-3768 involve?

CVE-2007-3768 involves a user-assisted attack where a malformed PASV command response can lead to a denial of service.

Is CVE-2007-3768 still a risk for current FTP services?

If you are using SurgeFTP version 2.3a1 or earlier, CVE-2007-3768 remains a risk, and it should be addressed immediately.

Vulnerability/
CVE-2007-3768

high

8.5

CWE

NVD-CWE-Other

15/7/2007

29/7/2017

CVE-2007-3768

First published: Sun Jul 15 2007(Updated: )

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SurgeFTP	<=2.3a1

Remedy

http://secunia.com/advisories/26061

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-3768?
CVE-2007-3768 is classified as a denial of service vulnerability that can cause a restart of the affected system.
How do I fix CVE-2007-3768?
To fix CVE-2007-3768, it is recommended to upgrade to a newer version of SurgeFTP that does not have this vulnerability.
Which versions of SurgeFTP are affected by CVE-2007-3768?
SurgeFTP version 2.3a1 and earlier are affected by CVE-2007-3768.
What type of attack does CVE-2007-3768 involve?
CVE-2007-3768 involves a user-assisted attack where a malformed PASV command response can lead to a denial of service.
Is CVE-2007-3768 still a risk for current FTP services?
If you are using SurgeFTP version 2.3a1 or earlier, CVE-2007-3768 remains a risk, and it should be addressed immediately.

agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/event
agent/references
agent/description
agent/severity
agent/weakness
agent/remedy
agent/author
vendor/netwin
canonical/surgeftp
version/surgeftp/2.3a1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.