Serv-U < 188.8.131.52
Medium Nessus Plugin ID 41980
SynopsisThe remote FTP server is affected by multiple vulnerabilities.
DescriptionThe installed version of Serv-U is earlier than 184.108.40.206 and as such is reportedly affected by following issues :
- Provided 'SITE SET' command is enabled, an authorized user may be able to crash the remote FTP server by sending a specially crafted 'SITE SET TRANSFERPROGRESS ON' command.
- An unprivileged user may be able to view all drives and virtual paths for drive '\'.
SolutionUpgrade to Serv-U version 220.127.116.11 or later.