XLight FTP Server SFTP Directory Traversal
Medium Nessus Network Monitor Plugin ID 5593
SynopsisThe remote SFTP service is vulnerable to a directory traversal attack.
DescriptionThe remote host is running XLight FTP server with the SFTP service enabled.
Versions of XLight FTP server 3.x earlier than 3.6.0 are potentially affected by a directory traversal vulnerability in the SFTP service. A remote authenticated attacker, exploiting this flaw, can read arbitrary files on the affected host.
SolutionUpgrade to XLight FTP Server 3.6 or later.