vulnerability

ProFTP ProFTPd: CVE-2021-47865: Allocation of Resources Without Limits or Throttling

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Jan 21, 2026	Jan 22, 2026	Jan 26, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jan 21, 2026

Added

Jan 22, 2026

Modified

Jan 26, 2026

Description

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Solution

proftp-proftpd-upgrade-latest

References

CVE-2021-47865
https://attackerkb.com/topics/CVE-2021-47865
URL-http://www.proftpd.org/
URL-https://github.com/proftpd/proftpd/issues/1298
URL-https://www.exploit-db.com/exploits/49697
URL-https://www.vulncheck.com/advisories/proftpd-a-remote-denial-of-service
CWE-770

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today