CVE-1999-0351: FTP PASV "Pizza Thief" denial of service and unauthorized data access

Severity: Medium
Tags: Vulnerability, CVE-1999-0351, denial of service
Published: Mon Feb 01 1999 (02/01/1999, 05:00:00 UTC)
Source: NVD
Vendor/Project: ftp
Product: ftp_pasv

Description

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

AI-Powered Analysis

Last updated: 07/01/2025, 19:56:43 UTC

Technical Analysis

CVE-1999-0351, known as the FTP PASV "Pizza Thief" vulnerability, is a security flaw affecting the FTP protocol's passive mode (PASV) implementation. In FTP passive mode, the server opens a random port and informs the client to connect to it for data transfer. This vulnerability arises because attackers can connect to these server-assigned ports intended for legitimate clients, allowing them to intercept or steal data being transferred. Additionally, the flaw can be exploited to cause a denial of service (DoS) by disrupting legitimate data connections. The vulnerability does not require authentication and can be exploited remotely over the network, with low attack complexity. The CVSS score of 6.4 reflects a medium severity, indicating partial confidentiality impact (data theft possible) and availability impact (denial of service), but no integrity impact. Since this vulnerability dates back to 1999 and affects the FTP protocol's PASV mode, it primarily concerns legacy FTP servers or systems still relying on FTP for file transfers. No patches are available, and no known exploits are currently active in the wild, but the fundamental protocol design flaw remains a risk if FTP PASV mode is used without additional protections.

Potential Impact

For European organizations, the impact of this vulnerability depends on the extent to which FTP PASV mode is used in their infrastructure. Organizations relying on legacy FTP servers for file transfers, especially those transferring sensitive or regulated data, face risks of unauthorized data disclosure and service disruption. Confidentiality is at risk because attackers can potentially intercept data by connecting to the PASV ports. Availability can also be affected due to denial of service attacks disrupting legitimate FTP sessions. This can impact sectors such as finance, healthcare, manufacturing, and government agencies that may still use FTP for legacy systems or inter-organizational data exchange. The risk is heightened in environments lacking network segmentation or encrypted tunnels (e.g., VPNs or TLS) protecting FTP traffic. Given the absence of patches, organizations must consider alternative secure file transfer protocols or implement compensating controls to mitigate exposure.

Mitigation Recommendations

1. Transition away from FTP PASV mode to more secure file transfer protocols such as SFTP (SSH File Transfer Protocol) or FTPS (FTP over TLS), which provide encryption and better authentication mechanisms.
2. If FTP PASV must be used, restrict access to FTP servers using firewalls and network segmentation to limit exposure to trusted clients only.
3. Employ VPNs or encrypted tunnels to protect FTP traffic from interception.
4. Monitor network traffic for unusual connections to PASV ports that could indicate exploitation attempts.
5. Disable PASV mode if possible and use active mode with appropriate firewall configurations, although active mode has its own challenges.
6. Regularly audit and update legacy systems to minimize reliance on outdated protocols.
7. Educate network and security teams about the risks associated with FTP PASV and ensure logging is enabled to detect suspicious activities.
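The technical analysis above describes the core of the flaw (the server announces a passive port and then serves whichever connection arrives first), and mitigation step 4 asks for monitoring of connections to PASV ports. The following is an added example, not code from the original threat record or from any FTP server project, that shows both sides of the defence: the server-side ownership check that a hardened FTP daemon performs on each data connection, and an offline detector that correlates `227 Entering Passive Mode` replies with subsequent data-channel connections. All addresses, ports, and log events in it are constructed for illustration; the `PasvGrant` structure and event format are assumptions of the example, not a real server's log format.

```python
"""Added example, not part of the original threat record or any FTP server's
own code: the PASV ownership check and a log-based detector for the
CVE-1999-0351 "Pizza Thief" pattern.

An FTP server answers a PASV command with
    227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
and then accepts whichever TCP connection reaches port p1*256+p2 first.
The flaw is that nothing ties that data connection to the client that asked.
All addresses, ports and log events below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Matches the 227 reply; the six groups are the four address octets and the
# high/low bytes of the passive port.
PASV_REPLY_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line: str):
    """Return (host, port) announced by a 227 reply, or None for any other line."""
    m = PASV_REPLY_RE.match(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


@dataclass
class PasvGrant:
    """One announced passive port and the control-connection client it belongs to."""
    client_ip: str
    port: int
    consumed: bool = False


def accept_data_connection(grant: PasvGrant, peer_ip: str) -> bool:
    """Server-side mitigation: accept the data connection only if it comes from
    the same address as the control connection that sent PASV, and only once.
    A vulnerable server skips this check and serves whoever connects first."""
    if grant.consumed or peer_ip != grant.client_ip:
        return False
    grant.consumed = True
    return True


# Constructed event log (assumed format). Each entry is (seq, kind, payload):
#   "ctrl": (control-client ip, server reply line on the control channel)
#   "data": (source ip of a new TCP connection, destination port on the server)
SAMPLE_EVENTS = [
    (1, "ctrl", ("10.0.0.5", "227 Entering Passive Mode (192,168,1,10,195,89)")),  # port 50009
    (2, "data", ("10.0.0.5", 50009)),       # legitimate client uses its port
    (3, "ctrl", ("10.0.0.7", "227 Entering Passive Mode (192,168,1,10,196,1)")),   # port 50177
    (4, "data", ("203.0.113.9", 50177)),    # third party reaches the port first
    (5, "data", ("10.0.0.7", 50177)),       # the real client arrives afterwards
    (6, "data", ("203.0.113.9", 50300)),    # port that was never announced
]


def find_pizza_thief_events(events):
    """Offline detection over the event log (mitigation step 4).

    Returns a list of (seq, reason, src_ip, port) for data connections that
    either target a port never announced in a 227 reply or come from an
    address other than the client the port was announced to."""
    open_grants = {}   # server port -> PasvGrant
    findings = []
    for seq, kind, payload in events:
        if kind == "ctrl":
            client_ip, reply = payload
            parsed = parse_pasv_reply(reply)
            if parsed:
                open_grants[parsed[1]] = PasvGrant(client_ip, parsed[1])
        elif kind == "data":
            src_ip, port = payload
            grant = open_grants.get(port)
            if grant is None:
                findings.append((seq, "unannounced-port", src_ip, port))
            elif src_ip != grant.client_ip:
                findings.append((seq, "foreign-source", src_ip, port))
            else:
                del open_grants[port]   # legitimate use; port no longer expected
    return findings


if __name__ == "__main__":
    for f in find_pizza_thief_events(SAMPLE_EVENTS):
        print("ALERT seq=%d %s src=%s port=%d" % f)
```

Run against the constructed log, the detector reports event 4 (a connection to the port announced to 10.0.0.7 arriving from 203.0.113.9) and event 6 (a connection to a port that was never announced), while the two legitimate data connections pass silently. The `accept_data_connection` check is the same rule that modern FTP daemons apply by default (vsftpd, for instance, enforces it unless `pasv_promiscuous` is enabled); the detector is useful precisely where a legacy server lacks that check, or where NAT or proxies make the source-address comparison unreliable and the mismatches need review rather than a hard refusal.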


Threat ID: 682ca32bb6fd31d6ed7dedd4

Added to database: 5/20/2025, 3:43:39 PM

Last enriched: 7/1/2025, 7:56:43 PM

Last updated: 2/7/2026, 6:55:21 AM
