Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
–1 vote
365 views
in CompleteFTP by (170 points)

We use CompleteFTP professional on our Windows 2012 R2 server (currently version 21.1.0) and have a couple thousand clients connecting with a custom application that uses an sftp connection with the Rebex SFTP client tools for .NET Framework, build 6874 from 10/26/2018 (https://www.rebex.net/sftp.net/history.aspx#2018R3). Several different users from different locations and different IPS are able to connect and authenticate, but the IPS is stopping the file upload and citing a couple different vulnerabilities:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0640

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0639

These cite old versions of OpenSSH, but to our knowledge, neither the client nor the server is using this old version. Some sites are whitelisting our server to get around this, but we'd like to figure out why this is happening. Any ideas?

1 Answer

0 votes
by (9.1k points)
edited by

CompleteFTP certainly doesn't use OpenSSH at all, so it's a bit of a mystery why the IPS is flagging these almost 20 year old vulnerabilities of OpenSSH. It sounds like false positives to me. You can submit false positive reports with your IPS to resolve this longer term. You could also try selecting 'Hide server product details' in the messages setting - the IPS must be misinterpreting the SSH version string.

To discuss it in more detail please open a support ticket at our support portal here.

by (170 points)
Thanks support2. If CompleteFTP doesn't use OpenSSH, why is it referenced in some older release notes? For example, version 8.3.3 from Sept 2015 mentions OpenSSH version 6.7 and higher.

Categories

...