Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

XLight FTP Server SFTP Directory Traversal

Medium

Synopsis

The remote SFTP service is vulnerable to a directory traversal attack.

Description

The remote host is running XLight FTP server with the SFTP service enabled.

Versions of XLight FTP server 3.x earlier than 3.6.0 are potentially affected by a directory traversal vulnerability in the SFTP service. A remote authenticated attacker, exploiting this flaw, can read arbitrary files on the affected host.

Solution

Upgrade to XLight FTP Server 3.6 or later.