This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.
The remote FTP server is affected by several vulnerabilities.
The installed version of Serv-U 7.x is earlier than 22.214.171.124 and thus
is reportedly affected by the following issues :
- An authenticated, remote attacker can cause the service
to consume all CPU time on the remote host by
specifying a Windows port (eg, 'CON:') when using the
STOU command provided he has write access to a
- An authenticated, remote attacker can overwrite or create
arbitrary files via a directory traversal attack in the
- An authenticated, remote attacker may be able to upload a
file to the current Windows directory with rename by
placing the destination in '\' (ie, 'My Computer').
See also :
Upgrade to Serv-U version 126.96.36.199 or later.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 8.5
Public Exploit Available : true