Vulnerabilities > CVE-2000-0176 - Path Disclosure vulnerability in Serv-U FTP Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Nessus
NASL family | FTP |
NASL id | FTP_SERVU_PATH_DISCLOSURE.NASL |
description | The remote FTP server discloses the full path to its root through a CWD command for a nonexistent directory. In addition, the server may be prone to a buffer overflow that may allow a remote, authenticated attacker to launch a denial of service attack against the affected software. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11392 |
published | 2003-03-15 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11392 |
title | Serv-U < 2.5e Multiple Vulnerabilities (OF, Path Disc) |