Serv-U < 2.5i CD Command Traversal Directory / File Access
Medium Nessus Network Monitor Plugin ID 1838
SynopsisThe remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data.
DescriptionIt is possible to break out of the remote FTP chroot by appending %20s in the CWD command, as in : CWD %20.. This problem allows an attacker to browse the entire remote file system.
SolutionUpgrade to Serv-U 2.5i or higher.