
CVE-1999-1156: BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malf

Medium
Tags: Vulnerability, CVE-1999-1156, denial of service
Published: Mon May 17 1999 (05/17/1999, 04:00:00 UTC)
Source: NVD
Vendor/Project: bisonware
Product: bisonware_ftp_server

Description

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

AI-Powered Analysis

AI analysis last updated: 07/01/2025, 17:42:18 UTC

Technical Analysis

CVE-1999-1156 is a vulnerability affecting BisonWare FTP Server version 4.1 and earlier. The flaw allows remote attackers to cause a denial of service (DoS) condition by sending a malformed PORT command. This command includes a non-numeric character and an excessive number of carriage return characters. The PORT command in FTP is used to specify the client-side port for the data connection. Improper handling of this malformed input causes the server to become unresponsive or crash, resulting in a denial of service. The vulnerability does not affect confidentiality or integrity but impacts availability. Exploitation requires no authentication and can be performed remotely over the network. The CVSS score is 5.0 (medium severity), reflecting the ease of exploitation and the impact limited to availability. No patch is available for this vulnerability, and there are no known exploits in the wild. Given the age of the vulnerability (published in 1999), it is likely that affected systems are legacy or outdated. However, if such systems remain in operation, they remain susceptible to simple DoS attacks that could disrupt FTP services.

Potential Impact

For European organizations, the primary impact of this vulnerability is service disruption. FTP servers running vulnerable versions of BisonWare FTP Server could be taken offline by attackers remotely, causing interruptions in file transfer operations. This could affect business continuity, especially in environments relying on FTP for critical data exchange or legacy system integrations. Although the vulnerability does not lead to data breaches or unauthorized data modification, the denial of service could delay operations, impact customer service, or disrupt automated workflows. Organizations in sectors with strict uptime requirements, such as finance, manufacturing, or public services, could face operational and reputational damage. Additionally, the lack of available patches means organizations must rely on mitigating controls or migration to alternative solutions. The risk is mitigated if organizations have already replaced or decommissioned legacy FTP servers or use more secure file transfer protocols.

Mitigation Recommendations

Since no patch is available for this vulnerability, European organizations should consider the following specific mitigations:
1) Identify and inventory any BisonWare FTP Server 4.1 or earlier instances in their environment, especially legacy systems.
2) Where possible, replace or upgrade to modern, supported FTP server software that properly validates PORT commands and other inputs.
3) Implement network-level controls such as firewall rules or intrusion prevention systems (IPS) to detect and block malformed FTP commands, particularly malformed PORT commands containing non-numeric characters or excessive carriage returns.
4) Restrict FTP server access to trusted networks or VPNs to reduce exposure to remote attackers.
5) Monitor FTP server logs for unusual or malformed command patterns indicative of attempted exploitation.
6) Consider migrating to more secure file transfer protocols such as SFTP or FTPS that provide encryption and better input validation.
7) Employ rate limiting or connection throttling on FTP services to reduce the impact of DoS attempts.
These targeted measures go beyond generic advice by focusing on legacy system identification, network filtering of malformed commands, and migration strategies.
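The input validation and log monitoring described in items 3 and 5, as an added Python example that is not part of this advisory or of any BisonWare code: a strict RFC 959 PORT parser (six decimal fields, each 0-255, one terminating CRLF) and a classifier that labels control-channel lines, run over constructed sample lines. The line-length limit and the label names are assumptions chosen for the example.

```python
import re
from typing import List, Optional, Tuple

# Strict RFC 959 PORT syntax: "PORT h1,h2,h3,h4,p1,p2" with six decimal fields.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
                     re.IGNORECASE)
MAX_LINE_LEN = 64  # assumed cap; a well-formed PORT line is at most 29 bytes


def parse_port(cmd: bytes) -> Optional[Tuple[str, int]]:
    """Return (ip, port) for a well-formed PORT command, else None."""
    if len(cmd) > MAX_LINE_LEN or not cmd.endswith(b"\r\n"):
        return None
    body = cmd[:-2]
    # Exactly one CRLF terminator; no stray CR/LF or non-ASCII bytes inside.
    if b"\r" in body or b"\n" in body or not body.isascii():
        return None
    m = PORT_RE.match(body.decode("ascii"))
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def classify(cmd: bytes) -> str:
    """Label a raw FTP control line for logging or IPS matching."""
    if not cmd.upper().startswith(b"PORT"):
        return "other"
    if parse_port(cmd) is not None:
        return "port-ok"
    if cmd.count(b"\r") > 1:  # the carriage-return flood pattern from the advisory
        return "port-excess-cr"
    return "port-malformed"  # non-numeric character, bad field count, octet > 255


def scan(lines: List[bytes]) -> List[Tuple[str, bytes]]:
    """Classify each line; the truncated prefix is kept for the log entry."""
    return [(classify(line), line[:24]) for line in lines]


# Constructed sample control-channel lines (not from any real capture).
SAMPLES = [
    b"PORT 192,168,1,10,4,1\r\n",                    # valid: 192.168.1.10 port 1025
    b"PORT 192,168,1,x0,4,1\r\n",                    # non-numeric character
    b"PORT 10,0,0,1,0,21" + b"\r" * 200 + b"\n",     # carriage-return flood
    b"PORT 999,168,1,10,4,1\r\n",                    # octet out of range
    b"USER anonymous\r\n",                            # not a PORT command
]
```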


Threat ID: 682ca32cb6fd31d6ed7df006

Added to database: 5/20/2025, 3:43:40 PM

Last enriched: 7/1/2025, 5:42:18 PM

Last updated: 7/29/2025, 1:21:15 AM

