Vulnerabilities > CVE-2000-0176 - Path Disclosure vulnerability in Serv-U FTP Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cat-soft

nessus

NVD

Published: 2000-02-29

Updated: 2008-09-10

Summary

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.

Vulnerable Configurations

Part	Description	Count
Application	Cat_Soft CAT Soft Serv U 2.4 CAT Soft Serv U 2.5 CAT Soft Serv U 2.5A CAT Soft Serv U 2.5B CAT Soft Serv U 2.5C CAT Soft Serv U 2.5D	6

Nessus

NASL family	FTP
NASL id	FTP_SERVU_PATH_DISCLOSURE.NASL
description	The remote FTP server discloses the full path to its root through a CWD command for a nonexistent directory. In addition, the server may be prone to a buffer overflow that may allow a remote, authenticated attacker to launch a denial of service attack against the affected software.
last seen	2020-06-01
modified	2020-06-02
plugin id	11392
published	2003-03-15
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11392
title	Serv-U < 2.5e Multiple Vulnerabilities (OF, Path Disc)

Summary

Vulnerable Configurations

Nessus

References