Cerberus FTP Server < 5.0.5.0 Cross-Site Request Forgery

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The FTP server installed on the remote Windows host has a cross-site
request forgery vulnerability.

Description :

The version of Cerberus FTP Server on the remote host is earlier than
5.0.5.0. As such, it is potentially affected by a cross-site request
forgery (CSRF) vulnerability that can be used to trick an authenticated
administrator into making unintended changes to the application.

See also :

http://cerberusftp.com/releasenotes.html

Solution :

Upgrade to Cerberus FTP Server 5.0.5.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 63559

Bugtraq ID: 55788

CVE ID: CVE-2012-2999