Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WS_FTP AHT Deserialization RCE (CVE-2023-40044) - Vulnerability Database

WS_FTP AHT Deserialization RCE (CVE-2023-40044)

Description

WS_FTP Ad Hoc Transfer (WS_FTP) is an IIS data transfer module. WS_FTP WS_FTP uses .NET deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data.

Remediation

Upgrade to the latest version of WS_FTP

References

WS_FTP Server Critical Vulnerability - (September 2023)
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)

Related Vulnerabilities

Kentico CMS Deserialization RCE High
Common tags: Insecure Deserialization Acumonitor
Deserialization of Untrusted Data (Java JSON Deserialization) Genson High
Common tags: Insecure Deserialization Acumonitor
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) High
Common tags: Insecure Deserialization Acumonitor
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) Critical
Common tags: Insecure Deserialization Acumonitor
Flex BlazeDS AMF Deserialization RCE High
Common tags: Insecure Deserialization Acumonitor

Severity

Critical

Classification

CVE-2023-40044
CWE-502
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Insecure Deserialization
Acumonitor