CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.proftpd.org/
https://github.com/proftpd/proftpd/issues/1298
https://www.exploit-db.com/exploits/49697
https://www.vulncheck.com/advisories/proftpd-a-remote-denial-of-service

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) ProFTPD 1.3.7a contiene una vulnerabilidad de denegación de servicio que permite a los atacantes sobrecargar el servidor creando múltiples conexiones FTP simultáneas. Los atacantes pueden establecer conexiones repetidamente usando subprocesos para agotar los límites de conexión del servidor y bloquear el acceso de usuarios legítimos.

23 Jan 2026, 19:15

Type	Values Removed	Values Added
References	~~{'url': 'https://github.com/proftpd/proftpd', 'source': 'disclosure@vulncheck.com'}~~	() https://github.com/proftpd/proftpd/issues/1298 -

21 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-21 18:16

Updated : 2026-04-15 00:35

NVD link : CVE-2021-47865

Mitre link : CVE-2021-47865

CVE.ORG link : CVE-2021-47865

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2021-47865", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-21T18:16:18.470", "references": [{"url": "http://www.proftpd.org/", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/proftpd/proftpd/issues/1298", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49697", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/proftpd-a-remote-denial-of-service", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access."}, {"lang": "es", "value": "ProFTPD 1.3.7a contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a los atacantes sobrecargar el servidor creando m\u00faltiples conexiones FTP simult\u00e1neas. Los atacantes pueden establecer conexiones repetidamente usando subprocesos para agotar los l\u00edmites de conexi\u00f3n del servidor y bloquear el acceso de usuarios leg\u00edtimos."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}