Serv-U < 18.104.22.168 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5486
Synopsis
The remote FTP server is vulnerable to multiple attack vectors.
Description
The remote host is running Serv-U File Server, an FTP server for Windows. According to its banner, the installed version of Serv-U is earlier than 22.214.171.124, and is therefore potentially affected by the following issues:
- When importing users, restricted administrators could create user accounts outside their home directory.
- When exporting users, restricted administrators could see the full path of a user's home directory, virtual paths, and directory access rules.
- A restricted domain administrator could create a user or group that was not locked in the user's home directory.
- A denial of service issue exists when handling a large number of concurrent HTTP requests.
Solution
Upgrade to Serv-U version 126.96.36.199 or later.