Serv-U multiple security vulnerabilities

2014-06-05T00:00:00
ID MYHACK58:62201448719
Type myhack58
Reporter Anonymous
Modified 2014-06-05T00:00:00

Description

Affected system:

Serv-U Serv-U 15.x

Description:

Serv-U is a widely used FTP server program.

Versions of Serv-U prior to 15.1.0.458 return a different response depending on whether the supplied user name is valid, which allows valid user names to be enumerated. In addition, some user input is returned to the user without being properly filtered, which may result in arbitrary HTML and script code being executed in the user's browser session.

Source: vendor

Links: http://secunia.com/advisories/58991/

Recommendations:

Vendor patch:

Serv-U

The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:

<http://www.serv-u.com/releasenotes/>