|
Family: Remote file access --> Category: infos
TFTP directory traversal Vulnerability Scan
Vulnerability Scan Summary Attempts to grab a file through TFTP
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote TFTP server can be used to read arbitrary files on the
remote host
Description :
The TFTP (Trivial File Transfer Protocol) is vulnerable to a directory traversal
attack which may allow a possible hacker to read arbitrary files on the remote host
by prepending their names with '../'
Solution :
Disable the remote tftpd daemon, filter incoming traffic to this port, or
run tftpd in a chrooted environment.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:C/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|