Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Serv-U File Renaming Directory Traversal and 'STOU' DoS Vulnerabilities
Information
Severity
Severity
High
Family
Family
Denial of Service
CVSSv2 Base
CVSSv2 Base
7.5
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
15 years ago
Modified
Modified
5 years ago
Summary
The host is running Serv-U FTP Server, which is prone to Directory Traversal and Denial of Service Vulnerabilities.
Insight
Insight
The flaws are due to, - error in handling 'STOU' FTP command. It can exhaust available CPU resources when exploited through a specially crafted argument value. - input validation error in the FTP service when renaming files which can be exploited to overwrite or rename files via directory traversal attacks.
Affected Software
Affected Software
RhinoSoft Serv-U FTP Server 7.3.0.0 and prior
Solution
Solution
Upgrade to RhinoSoft Serv-U FTP Server 10 or later.