What is CVE-2009-2521?

CVE-2009-2521 is a vulnerability in N/a. Published 2009-09-04.

Is CVE-2009-2521 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildc…

EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

oval:org.mitre.oval:def:6508 (x_refsource_OVAL, signature, vdb-entry)
975191 (vendor-advisory, x_refsource_MSKB)
TA09-286A (x_refsource_CERT, third-party-advisory)
MS09-053 (x_refsource_MS, vendor-advisory)
20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion") (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2009-2521?: CVE-2009-2521 is a vulnerability in N/a. Published 2009-09-04.
Is CVE-2009-2521 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.