PT-2022-10453 · Solarwinds · Serv-U

Published

2022-04-25

·

Updated

2024-09-17

·

CVE-2021-35250

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Serv-U versions 15.3.0.X through 15.3.0.X before Hotfix 1
Serv-U version 15.3

Description

A researcher reported a Directory Traversal issue in Serv-U. This may allow access to files relating to the Serv-U installation and server files. The issue allows a remote user to perform a Directory Traversal attack and read arbitrary files on systems with Serv-U version 15.3 installed. The attack can be performed by sending a specially crafted HTTP request. Files can only be read from the C: disk, and the attacker can only obtain information about the file server if they know the path to the files.

Recommendations

For Serv-U versions 15.3.0.X through 15.3.0.X before Hotfix 1, apply Hotfix 1 to resolve the issue. For Serv-U version 15.3, apply Hotfix 1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the C: disk to minimize the risk of exploitation.
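The weakness class behind this advisory is a request path that is joined to the file-service root without being canonicalized first. The Python below is an added illustration, not Serv-U code and not the content of Hotfix 1: it shows the containment check a file-serving component should apply (decode, fold path separators, normalize, then confirm the result is still under the root), and then runs that same check over a few constructed access-log lines to flag requests that would have escaped the root. The root directory, the log lines and the file names are all constructed for the example.

```python
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed example root for the file service (not a real Serv-U path).
WEB_ROOT = "/srv/files"


def decode_request_path(raw_path: str) -> str:
    """Decode percent-encoding repeatedly (double encoding such as %252e is
    a common way to slip '..' past a single-decode check) and fold
    backslashes into forward slashes so both separator styles are treated
    alike. Three rounds are enough for the encodings seen in practice."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def resolve_under_root(root: str, raw_path: str) -> Optional[str]:
    """Return the canonical absolute path for raw_path inside root, or None
    when the normalized result lies outside root (a traversal attempt)."""
    root = posixpath.normpath(root)
    relative = decode_request_path(raw_path).lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # The trailing "/" matters: "/srv/files2/x" must not pass for root "/srv/files".
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Constructed access-log lines in common log format (not from any real host).
SAMPLE_LOG = """\
10.0.0.5 - - [25/Apr/2022:10:00:01 +0000] "GET /docs/readme.txt HTTP/1.1" 200 512
10.0.0.9 - - [25/Apr/2022:10:00:02 +0000] "GET /..%2F..%2Fconfig%2Fserver.cfg HTTP/1.1" 200 90
10.0.0.9 - - [25/Apr/2022:10:00:03 +0000] "GET /docs/%252e%252e/%252e%252e/secret.cfg HTTP/1.1" 404 0
10.0.0.7 - - [25/Apr/2022:10:00:04 +0000] "GET /images/logo.png?v=2 HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def find_traversal_requests(log_text: str, root: str = WEB_ROOT) -> List[Tuple[str, str]]:
    """Apply the containment check to each logged request target and return
    (client_ip, raw_target) for every request that would escape the root."""
    flagged = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1).split("?", 1)[0]  # drop the query string
        if resolve_under_root(root, target) is None:
            flagged.append((line.split()[0], target))
    return flagged


if __name__ == "__main__":
    for ip, target in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The check must run on the same decoded form of the path that the server ultimately uses to open the file; a check applied before decoding, or one that only looks for the literal string `../`, misses the encoded and backslash variants shown in the sample log.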

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2021-35250

Affected Products

Serv-U