Solaris FTP Daemon Long Command XSRF
Medium Nessus Plugin ID 47040
SynopsisThe remote FTP server is affected by a cross-site request forgery vulnerability.
DescriptionThe version of FTP running on the remote host is affected by a cross-site request forgery vulnerability. Long file names are not processed properly, resulting in the execution of arbitrary commands.
If a user is logged into the FTP server via web browser, a remote attacker could exploit this by tricking them into requesting a maliciously crafted web page, resulting in the execution of arbitrary FTP commands.
SolutionThere is no known solution at this time.