EFTP Nonexistent File Request Installation Directory Disclosure

Medium Nessus Plugin ID 11093


The remote FTP server is affected by an information disclosure vulnerability.


The version of EFTP installed on the remote host reveals its installation directory if sent a request for a nonexistent file. An authenticated attacker may leverage this flaw to gain more knowledge about the affected host, such as its filesystem layout.


Upgrade to version 3.2 or higher, as it has been reported to fix this vulnerability.

See Also


Plugin Details

Severity: Medium

ID: 11093

File Name: eftp_root_disclosure.nasl

Version: $Revision: 1.24 $

Type: remote

Family: FTP

Published: 2002/08/18

Modified: 2016/10/10

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: ftp/login

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 3333

OSVDB: 51614