Directory Traversal Vulnerability in Rhino Software Serv-U File Server
CVE-2009-1031

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Serv-u File Server
Vendor: CVE Published:; 20 March 2009

Summary

The FTP server within Rhino Software's Serv-U File Server versions 7.0.0.1 to 7.4.0.1 contains a directory traversal vulnerability, allowing remote attackers to exploit an MKD request with a crafted input meant to manipulate directory structures. This type of vulnerability enables unauthorized access to create arbitrary directories outside of the designated file paths, potentially leading to further exploitation of the server and exposure of sensitive data.

References

https://www.exploit-db.com/exploits/8211

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/34329

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/52773

vdb-entryx_refsource_OSVDB

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 20, 2009
Vulnerability Reserved
Mar 19, 2009