id: CVE-2005-0851

info:
  name: FileZilla Server < 0.9.6 - DoS via MODE Z Infinite Loop
  author: pussycat0x
  severity: medium
  description: |
    FileZilla Server versions prior to 0.9.6 are vulnerable to denial of service when using MODE Z (zlib compression). Remote attackers can cause an infinite loop via certain file uploads or directory listings, leading to server unresponsiveness.
  impact: |
    Attackers can trigger infinite loops during MODE Z operations, causing FileZilla Server to become completely unresponsive and requiring a service restart.
  remediation: |
    Upgrade FileZilla Server to version 0.9.6 or later, which properly handles MODE Z zlib compression operations.
  reference:
    - http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
    cvss-score: 5
    cve-id: CVE-2005-0851
    cwe-id: CWE-835
    epss-score: 0.0004
    epss-percentile: 0.12431
    cpe: cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: filezilla-project
    product: filezilla_server
    shodan-query: product:"FileZilla"
  tags: cve,cve2005,network,ftp,filezilla,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'FileZilla')"
          - "compare_versions(version, '< 0.9.6')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "FileZilla Server version ([0-9.]+)"
# digest: 4a0a00473045022100bb42eaa26f5fb2aef3551ccef94382efec18d9dd0558ce7b8bd3764106122a6502203d2cc27c22d5dbdc90fd80908fa98c100f62846570089039381effd489e7ed1b:922c64590222798bb761d5b6d8e72950