Serv-U multiple security vulnerabilities

ID MYHACK58:62201448719
Type myhack58
Reporter Anonymous
Modified 2014-06-05T00:00:00


Affected system:

Serv-U Serv-U 15.x

Description:
--------------------------------------------------------------------------------
Serv-U is a widely used FTP server program.

Earlier versions of Serv-U return a different response when verifying a user name depending on whether the name is valid, which can be used to enumerate valid user names. In addition, some user input is not properly filtered before it is returned to the user, which may allow arbitrary HTML and script code to be executed in the user's browser session.
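The two issue classes described above, shown on a constructed login handler in its leaky form beside a hardened form, with regression checks for both. This is an added example, not Serv-U code and not part of the advisory; the handler names, the sample account and the reply strings are assumptions.

```python
import hashlib
import hmac
import html

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample account store (not Serv-U data): name -> (salt, hash)
USERS = {"alice": (b"constructed-salt", _hash("correct horse", b"constructed-salt"))}
# Dummy record so unknown names cost the same hashing work as known ones
DUMMY = (b"dummy-salt", _hash("no such password", b"dummy-salt"))

def login_leaky(user, password):
    """'Before' form: reply depends on whether the name exists, input echoed raw."""
    if user not in USERS:
        return 404, f"Unknown user {user}"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password"
    return 200, f"Welcome {user}"

def login_uniform(user, password):
    """Hardened form: one failure reply for every cause, output HTML-encoded."""
    salt, stored = USERS.get(user, DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not (matches and user in USERS):
        return 401, "Login failed"
    return 200, f"Welcome {html.escape(user)}"

def responses_distinguishable(handler, known_user, unknown_user):
    """True if a failed login differs between a known and an unknown name."""
    return handler(known_user, "wrong-password") != handler(unknown_user, "wrong-password")

def reflects_raw_markup(handler, marker="<b>probe</b>"):
    """True if the reply body returns the marker without HTML encoding."""
    return marker in handler(marker, "wrong-password")[1]

if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        print(handler.__name__,
              "enumerable:", responses_distinguishable(handler, "alice", "mallory"),
              "reflects markup:", reflects_raw_markup(handler))
```

Both checks can run as regression tests against a test instance after the vendor upgrade is applied, with the handler replaced by a call to the real login endpoint.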

<*source: vendor

Links: *>

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

Serv-U
------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page: