SynopsisThe remote FTP server is vulnerable to multiple attack vectors.
DescriptionThe remote host is running Serv-U File Server, an FTP server for Windows. According to its banner, the installed version of Serv-U is earlier than 184.108.40.206, and is therefore potentially affected by the following issues :
- When importing users, restricted administrators could create user accounts outside their home directory.
- When exporting users, restricted administrators could see a user's full path for home directory, virtual paths, and directory access rules.
- A restricted domain administrator could create a user or group that was not locked in the user's home directory.
- A denial of service issue when handling a large number of concurrent HTTP requests.
SolutionUpgrade to Serv-U version 220.127.116.11 or later.