CVE-2021-47865
Denial of Service in ProFTPD 1.3.7a via Connection Exhaustion
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| proftpd | proftpd | 1.3.7a |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ProFTPD 1.3.7a allows an attacker to cause a denial of service by opening many simultaneous FTP connections to the server. By repeatedly establishing multiple connections using threading, the attacker can exhaust the server's connection limits, preventing legitimate users from accessing the FTP service. The attack can bypass per-IP connection limits by using multiple proxies and is automated by a script that opens many connections concurrently. [1]
How can this vulnerability impact me?
The impact of this vulnerability is a denial of service condition on the ProFTPD server. Attackers can overwhelm the server by exhausting its allowed connection slots, which blocks legitimate users from connecting and using the FTP service. This can disrupt business operations that rely on FTP access and cause service unavailability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the number of simultaneous FTP connections to the ProFTPD server, especially if there is an unusually high number of connections that saturate the server's connection limits. One can check if the FTP port (default 21) is open and observe connection patterns. Although no specific detection commands are provided, using network monitoring tools to track FTP connections or running scripts that test port availability and connection counts can help identify the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting the number of simultaneous FTP connections per IP address and implementing network-level protections such as firewalls or intrusion prevention systems to detect and block excessive connection attempts. Additionally, monitoring for unusual connection patterns and using proxy detection can help prevent distributed attacks. Restarting the FTP service periodically may temporarily alleviate the issue, but patching or upgrading ProFTPD to a version without this vulnerability is recommended. [1]
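The detection and mitigation answers above both come down to counting held FTP connection slots, server-wide and per source address. The script below is an added example for this advisory, not code from the CVE record or from ProFTPD: it parses `ss -tn` output (a constructed sample is embedded), flags any peer holding more sessions than a per-host cap, and separately reports whether the server-wide cap is saturated, since per-IP limits alone miss an attacker spread across many proxies. The thresholds mirror the ProFTPD directives MaxInstances and MaxClientsPerHost, but the numeric values are assumptions to be taken from your own proftpd.conf.

```python
"""Spot FTP connection-exhaustion patterns in `ss -tn` output.
Added example for this advisory, not code from the CVE record or from ProFTPD.
Thresholds mirror the ProFTPD directives MaxInstances (server-wide cap) and
MaxClientsPerHost (per-IP cap); the numeric values used here are assumed."""
import sys
from collections import Counter

# Constructed sample in `ss -tn` layout: one client holding four FTP sessions,
# one legitimate client, an unrelated SSH session and a half-closed socket.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      192.0.2.10:21      203.0.113.7:51234
ESTAB     0      0      192.0.2.10:21      203.0.113.7:51235
ESTAB     0      0      192.0.2.10:21      203.0.113.7:51236
ESTAB     0      0      192.0.2.10:21      203.0.113.7:51237
ESTAB     0      0      192.0.2.10:21      198.51.100.5:40010
ESTAB     0      0      192.0.2.10:22      198.51.100.5:40011
TIME-WAIT 0      0      192.0.2.10:21      203.0.113.9:60000
"""

def parse_established(ss_output):
    """Yield (peer_ip, local_port) for every ESTAB line of `ss -tn` output."""
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue  # header, TIME-WAIT, SYN-RECV etc. do not hold a slot
        local_port = int(parts[3].rsplit(":", 1)[1])
        peer_ip = parts[4].rsplit(":", 1)[0]  # keeps [v6] addresses intact
        yield peer_ip, local_port

def analyse_ftp_connections(ss_output, max_instances, max_per_host, ftp_port=21):
    """Count held FTP slots; flag per-IP abusers and server-wide saturation.
    Per-IP counts alone miss an attacker spread across many proxies (the
    advisory's bypass), so aggregate saturation is reported separately."""
    per_host = Counter(ip for ip, port in parse_established(ss_output)
                       if port == ftp_port)
    total = sum(per_host.values())
    return {
        "total": total,
        "per_host": dict(per_host),
        "offenders": sorted(ip for ip, n in per_host.items() if n > max_per_host),
        "saturated": total >= max_instances,
        "free_slots": max(max_instances - total, 0),
    }

if __name__ == "__main__":
    # Pipe live data in with:  ss -tn | python3 ftp_conn_check.py
    data = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    print(analyse_ftp_connections(data, max_instances=30, max_per_host=3))
```

Run without a pipe to see the constructed sample evaluated; run with `ss -tn` piped in to check a live host against your own limits.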
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability causes a denial of service by exhausting server connection limits, which can disrupt availability of FTP services. While it does not directly compromise confidentiality or integrity of data, the resulting service unavailability could impact compliance with standards and regulations that require maintaining availability of systems and services, such as GDPR and HIPAA. However, no explicit information about compliance impact is provided in the resources. [1]