Cerberus FTP Server MLSD and MLST Command Hidden Files Security Bypass
Medium Nessus Plugin ID 47588
Synopsis: The FTP server installed on the remote Windows host has a security bypass vulnerability.
Description: The version of Cerberus FTP server on the remote host is earlier than 220.127.116.11. Such versions are potentially affected by a security bypass vulnerability. The 'MLSD' and 'MLST' commands list hidden files despite the 'Display hidden files' option being disabled. A remote attacker, possibly uncredentialed, may be able to leverage this issue to enumerate hidden files on the affected system.
Solution: Upgrade to Cerberus FTP server 4.0.3 or later.
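To confirm on your own server that the upgrade closed the gap, the following added example (not part of the Nessus plugin or of Cerberus) compares an NLST listing with an MLSD listing of the same directory and reports names that only MLSD returns. It assumes NLST honours the 'Display hidden files' option, which the advisory does not state; the function names and the sample listings are constructed for illustration.

```python
"""Compare NLST and MLSD listings of one directory (RFC 3659 entry format)."""


def parse_mlsx_entry(line):
    """Split an RFC 3659 entry, 'fact=value;... SP pathname', into (facts, name)."""
    # Facts never contain a space, so the first space ends the fact list;
    # the pathname after it may itself contain spaces.
    facts_part, _, name = line.rstrip("\r\n").partition(" ")
    facts = {}
    for fact in facts_part.split(";"):
        if "=" in fact:
            key, _, value = fact.partition("=")
            facts[key.lower()] = value  # fact names are case-insensitive
    return facts, name


def names_only_in_mlsd(nlst_lines, mlsd_lines):
    """Return names that MLSD reports but NLST omits, skipping cdir/pdir entries."""
    listed = {line.rstrip("\r\n") for line in nlst_lines if line.strip()}
    extra = []
    for line in mlsd_lines:
        if not line.strip():
            continue
        facts, name = parse_mlsx_entry(line)
        if facts.get("type", "").lower() in ("cdir", "pdir"):
            continue  # current/parent directory markers are not real entries
        if name not in listed:
            extra.append(name)
    return sorted(extra)


# Constructed sample responses (assumption: 'Display hidden files' is disabled
# and secret.cfg carries the Windows hidden attribute).
SAMPLE_NLST = ["readme.txt", "reports"]
SAMPLE_MLSD = [
    "Type=cdir;Modify=20100701120000; .",
    "Type=file;Size=512;Modify=20100701120000; readme.txt",
    "Type=dir;Modify=20100630090000; reports",
    "Type=file;Size=2048;Modify=20100629080000; secret.cfg",
]

if __name__ == "__main__":
    for name in names_only_in_mlsd(SAMPLE_NLST, SAMPLE_MLSD):
        print("listed by MLSD only:", name)
```

Real listings can be captured with `ftplib.FTP.retrlines("NLST", ...)` and `retrlines("MLSD", ...)`; an empty result after the upgrade means both commands agree on what is visible.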