This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.
The FTP server installed on the remote Windows host has a security
The version of Cerberus FTP server on the remote host is earlier than
126.96.36.199. Such versions are potentially affected by a security bypass
vulnerability. The 'MLSD' and 'MLST' commands list hidden files despite
the 'Display hidden files' option being disabled. A remote attacker,
possibly uncredentialed, may be able to leverage this issue to enumerate
hidden files on the affected system.
See also :
Upgrade to Cerberus FTP server 4.0.3 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true