We use CompleteFTP professional on our Windows 2012 R2 server (currently version 21.1.0) and have a couple thousand clients connecting with a custom application that uses an sftp connection with the Rebex SFTP client tools for .NET Framework, build 6874 from 10/26/2018 (https://www.rebex.net/sftp.net/history.aspx#2018R3). Several different users from different locations and different IPS are able to connect and authenticate, but the IPS is stopping the file upload and citing a couple different vulnerabilities:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0639
These cite old versions of OpenSSH, but to our knowledge, neither the client nor the server is using this old version. Some sites are whitelisting our server to get around this, but we'd like to figure out why this is happening. Any ideas?
CompleteFTP certainly doesn't use OpenSSH at all, so it's a bit of a mystery why the IPS is flagging these almost 20 year old vulnerabilities of OpenSSH. It sounds like false positives to me. You can submit false positive reports with your IPS to resolve this longer term. You could also try selecting 'Hide server product details' in the messages setting - the IPS must be misinterpreting the SSH version string.
To discuss it in more detail please open a support ticket at our support portal here.
