|
Serv-U FTP Server Path Disclosure Vulnerability
The default settings for Serv-U cause the server to give out full physical path information in the following circumstances. A user attempting to retreive a non-existant file or change to a non-existant directory will see: 550 /d:/ftproot/nonexist: No such file or directory. A user changing to an existing directory will see: 250 Directory changed to /d:/ftproot/exist This information could be used to simplify other attacks. |
|
|
Privacy Statement |
