Serv-U < 18.104.22.168
Medium Nessus Plugin ID 45140
SynopsisThe remote FTP server is affected by multiple vulnerabilities.
DescriptionAccording to its banner, the installed version of Serv-U is earlier than 22.214.171.124, and is, therefore, potentially affected by the following issues :
- When importing users, restricted administrators could create user accounts outside their home directory.
- When exporting users, restricted administrators could see a user's full path for home directory, virtual paths, and directory access rules.
- A restricted domain administrator could create a user or group that was not locked in the user's home directory.
- A denial of service issue when handling a large number of concurrent HTTP requests.
SolutionUpgrade to Serv-U version 126.96.36.199 or later.