The default configuration of Serv-U 2.5d and previous versions allows remote malicious users to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cat soft serv-u 2.5a |
||
cat soft serv-u 2.5b |
||
cat soft serv-u 2.5c |
||
cat soft serv-u 2.5d |
||
cat soft serv-u 2.4 |
||
cat soft serv-u 2.5 |
Vulmon