|
| 1 | +[basic] |
| 2 | +description = "PureFTPd 1.0.18 及更早版本中的 accept_client 函数存在连接数限制缺陷,远程攻击者可通过建立大量并发连接超出服务器最大连接数限制,导致 FTP 服务耗尽系统资源而拒绝服务。该漏洞影响 PureFTPd 1.0.18 及此前所有版本,攻击者无需认证即可利用,CVSS 评分 5.0,危害等级中等。建议升级至 PureFTPd 1.0.19 及以上版本修复。" |
| 3 | +published = "2004-08-06T04:00:00.000" |
| 4 | +remediation = "升级 PureFTPd 至 1.0.19 或更高版本。如无法立即升级,可在配置文件中调低 `MaxClientsNumber` 和 `MaxClientsPerIP` 参数以限制最大连接数,同时使用防火墙(如 iptables)限制单 IP 并发连接数作为临时缓解。" |
| 5 | +score = 5 |
| 6 | +severity = "MEDIUM" |
| 7 | +sources = ["nuclei"] |
| 8 | +title = "PureFTPd accept_client 函数拒绝服务漏洞" |
| 9 | +updated = "2026-06-16T22:06:06.270" |
| 10 | + |
| 11 | +[exploit] |
| 12 | +exp_urls = [] |
| 13 | +poc_urls = [] |
| 14 | + |
| 15 | +[id] |
| 16 | +aliases = ["CVE-2004-0656"] |
| 17 | +ave_id = "AVE-2004-0003" |
| 18 | + |
| 19 | +[meta] |
| 20 | +collected_at = "2026-07-15T00:00:00Z" |
| 21 | +status = "completed" |
| 22 | + |
| 23 | +[references] |
| 24 | +urls = [ |
| 25 | + "http://www.gentoo.org/security/en/glsa/glsa-200407-04.xml", |
| 26 | + "http://www.pureftpd.org/", |
| 27 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/16611", |
| 28 | + "https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2004/CVE-2004-0656.yaml", |
| 29 | + "https://github.com/trickest/cve/blob/a90de4f84b4783951362f491671e1e9decfc17cb/2004/CVE-2004-0656.md", |
| 30 | + "https://github.com/projectdiscovery/nuclei-templates/blob/a5c2e8e4dab8c8e618ba76807c3e07587b7d781a/network/cves/2004/CVE-2004-0656.yaml", |
| 31 | + "https://github.com/CVEProject/cvelistV5/blob/d5838f491a2d04e9f823fb9638e9e6f0b038d399/cves/2004/0xxx/CVE-2004-0656.json", |
| 32 | + "https://github.com/LiuCan01/cve-list-pro/blob/78b55511cee3604c22d518e32822f0435d0cacc0/cve-list/CVE-2004/CVE-2004-0656", |
| 33 | + "https://github.com/Patrowl/PatrowlHearsData/blob/23b9072d94002e85c65869c9b10a30b4a0f4057c/CVE/data/2004/CVE-2004-0656.json", |
| 34 | + "https://github.com/Terry-ten/AI-POC/blob/62e60c784027e40d64b94669324ee032f1659f14/pocs/nuclei/network/cves/2004/CVE-2004-0656.yaml", |
| 35 | + "https://github.com/MaineK00n/vuln-data/blob/9e1ff46005584f5d4c094bd8d97e510415b9f767/goval-dictionary/debian/11/CVE-2004-0656.json", |
| 36 | + "https://github.com/adampielak/nuclei-templates/blob/ac9605f5a915670fd80cb4e1904f4435f1835b65/nuclei-v3/C/CVE-2004-0656_7.yaml", |
| 37 | + "https://github.com/Kuduxaaa/hunting-knowledge-base/blob/e9de2ea715300eb67318e21f3930704d36ad8d2b/signatures/nuclei/network/cves/2004/CVE-2004-0656.yaml", |
| 38 | + "https://github.com/blackhook/nessus-plugins/blob/64177d96abbb07c58cf7e131046b067ebc61fcb5/G/gentoo_GLSA-200407-04.nasl", |
| 39 | +] |
0 commit comments