id: CVE-2020-35359

info:
  name: Pure-FTPd 1.0.48 - Denial of Service
  author: pussycat0x
  severity: high
  description: |
    Pure-FTPd 1.0.48 is vulnerable to Denial of Service via exhaustion of connections due to lack of proper connection limits.
  impact: |
    Unauthenticated attackers can exhaust available connections due to lack of proper connection limits, causing denial of service by preventing legitimate users from connecting to the FTP server.
  remediation: |
    Update Pure-FTPd to a version newer than 1.0.48 that implements proper connection limits and rate limiting to prevent connection exhaustion attacks.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2020-35359
    cwe-id: CWE-770
    epss-score: 0.0702
    epss-percentile: 0.91623
    cpe: cpe:2.3:a:pureftpd:pure-ftpd:1.0.48:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: pureftpd
    product: pure-ftpd
    shodan-query:
      - product:"pure-ftpd"
      - cpe:"cpe:2.3:a:pureftpd:pure-ftpd"
  tags: cve,cve2020,network,ftp,pure-ftpd,tcp,passive,vuln

tcp:
  - inputs:
      - data: 00000000
        type: hex

    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Pure-FTPd')"
          - "contains(version, '1.0.48')"
        condition: and

    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Pure-FTPd ([0-9.]+)"
# digest: 4a0a00473045022100bc72aa8d78b6c9ba4d89967fa60cadd71b1da08cc183a96ef8a52461d6ea243102205e27379f3b61594bdf4c85f4f614923574cc9073af4bbe89093e7332937a5876:922c64590222798bb761d5b6d8e72950