icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Serv-U < 7.4.0.0 Multiple Command Argument Handling DoS

Medium

Synopsis

The remote FTP server is affected by a denial of service vulnerability.

Description

The remote host is running Serv-U File Server, an FTP server for Windows. The installed version of Serv-U 7.x is earlier than 7.4.0.0, and is affected by a denial of service vulnerability. By using a specially crafted command such as XCRC, STOU, DSIZ, AVBL, RNTO, or RMDA, it may be possible for an authenticated attacker to render the FTP server temporarily unresponsive.

Solution

Upgrade to version 7.4.0.0 or higher.