CVE-2006-1951

Name of the Vulnerable Software and Affected Versions SolarWinds TFTP Server versions 8.1 and earlier

Description The issue allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. This can be achieved by exploiting the directory traversal vulnerability.

Recommendations For SolarWinds TFTP Server versions 8.1 and earlier, consider restricting access to the TFTP server until a patch is available. As a temporary workaround, disabling the ability to download files via GET requests may help minimize the risk of exploitation.