Directory Traversal Vulnerability in Serv-U FTP Server by Serv-U Technologies
CVE-2011-4800

Currently unrated

Key Information:

Vendor

Solarwinds
Status
Serv-u File Server
Vendor
CVE Published:
14 December 2011

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2011-4800?

A directory traversal vulnerability exists in the Serv-U FTP Server prior to version 11.1.0.5, allowing authenticated remote users to exploit the system. By sending specially crafted commands using the '..:/' sequence, attackers can gain unauthorized access to files and directories. This vulnerability not only permits the reading and writing of arbitrary files but also allows the listing and creation of directories, significantly compromising the security of the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-4800 - Proof of Concept

References

http://archives.neohapsis.com/archives/fulldisclosure/201...
mailing-listx_refsource_FULLDISC
http://secunia.com/advisories/47021
third-party-advisoryx_refsource_SECUNIA
http://www.serv-u.com/releasenotes/
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.