|
Family: FTP --> Category: infos
EFTP tells if a given file exists Vulnerability Scan
Vulnerability Scan Summary EFTP directory traversal
Detailed Explanation for this Vulnerability Test
The remote FTP server can be used to acertain if a given
file exists on the remote host or not, by adding dot-dot-slashes
in front of them.
For instance, it is possible to acertain the existence
of \autoexec.bat by using the command SIZE or MDTM on
../../../../autoexec.bat
A possible hacker may use this flaw to gain more knowledge about
this host, such as its file layout. This flaw is specially
useful when used with other vulnerabilities.
Solution : update your EFTP server to 2.0.8.348 or change it
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|