Serv-U < 10.2.0.0

medium Nessus Plugin ID 48435

Language:

Synopsis

The remote FTP server is affected by multiple vulnerabilities.

Description

According to its banner, the installed version of Serv-U is earlier than 10.2.0.0 and is, therefore, potentially affected by the following issues :

 - It is possible to create a directory, when using virtual paths and various combinations of permissions, where the end-user does not have permission to create the directory.

 - Certain web client invalid URL parameters could cause the affected application to crash.

Solution

Upgrade to Serv-U version 10.2.0.0 or later.

See Also

https://support.solarwinds.com/Success_Center/Serv-U_Managed_File_Transfer_Serv-U_FTP_Server/Serv-U_Documentation/release_notes

Plugin Details

Severity: Medium

ID: 48435

File Name: servu_10_2_0_0.nasl

Version: 1.11

Type: remote

Family: FTP

Published: 8/25/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: ftp/servu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/16/2010

Vulnerability Publication Date: 8/16/2010

Reference Information

BID: 42523

SECUNIA: 41015, 41018