CVE-2011-4800

Name of the Vulnerable Software and Affected Versions Serv-U FTP Server versions prior to 11.1.0.5

Description A directory traversal issue allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, by using a "..:/" (dot dot colon forward slash) in the list, put, or get commands.

Recommendations For versions prior to 11.1.0.5, update to version 11.1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the list, put, and get commands until a patch is applied.