Denial of Service Vulnerability in tnftpd's Glob Implementation
CVE-2015-5917 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:N/A:P
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
Learn more about our Web Application Penetration Testing UK.