Strix
26.1K

CVE-2011-4800

UnknownEPSS 8.38%

Last modified

CVE-2011-4800 is a vulnerability of currently unknown severity. Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.. EPSS estimates a 8.38% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Metrics

EPSS Probability
8.38%

94.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SolarwindsServ-U File Server<= 11.1.0.3
SolarwindsServ-U File Server3.0.0.16
SolarwindsServ-U File Server3.0.0.17
SolarwindsServ-U File Server3.1.0.0
SolarwindsServ-U File Server3.1.0.1
SolarwindsServ-U File Server3.1.0.3
SolarwindsServ-U File Server4.0.0.4
SolarwindsServ-U File Server4.1.0.0
SolarwindsServ-U File Server4.1.0.3
SolarwindsServ-U File Server5.0.0.0
SolarwindsServ-U File Server5.0.0.4
SolarwindsServ-U File Server5.0.0.9
SolarwindsServ-U File Server5.0.0.11
SolarwindsServ-U File Server5.1.0.0
SolarwindsServ-U File Server5.2.0.0
SolarwindsServ-U File Server5.2.0.1
SolarwindsServ-U File Server6.0.0.0
SolarwindsServ-U File Server6.0.0.1
SolarwindsServ-U File Server6.0.0.2
SolarwindsServ-U File Server6.1.0.0
SolarwindsServ-U File Server6.1.0.1
SolarwindsServ-U File Server6.1.0.4
SolarwindsServ-U File Server6.1.0.5
SolarwindsServ-U File Server6.2.0.0
SolarwindsServ-U File Server6.2.0.1
SolarwindsServ-U File Server6.3.0.0
SolarwindsServ-U File Server6.3.0.1
SolarwindsServ-U File Server6.4.0.0
SolarwindsServ-U File Server6.4.0.1
SolarwindsServ-U File Server6.4.0.2
SolarwindsServ-U File Server6.4.0.3
SolarwindsServ-U File Server6.4.0.4
SolarwindsServ-U File Server6.4.0.5
SolarwindsServ-U File Server6.4.0.6
SolarwindsServ-U File Server7.0.0.1
SolarwindsServ-U File Server7.0.0.2
SolarwindsServ-U File Server7.0.0.3
SolarwindsServ-U File Server7.0.0.4
SolarwindsServ-U File Server7.1.0.0
SolarwindsServ-U File Server7.1.0.1
SolarwindsServ-U File Server7.1.0.2
SolarwindsServ-U File Server7.2.0.0
SolarwindsServ-U File Server7.2.0.1
SolarwindsServ-U File Server7.3.0.0
SolarwindsServ-U File Server7.3.0.1
SolarwindsServ-U File Server7.3.0.2
SolarwindsServ-U File Server7.4.0.0
SolarwindsServ-U File Server7.4.0.1
SolarwindsServ-U File Server8.0.0.1
SolarwindsServ-U File Server8.0.0.2

Showing 50 of 89 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-4800?
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
How severe is CVE-2011-4800?
Severity scoring for CVE-2011-4800 is pending analysis. The EPSS model estimates a 8.38% probability of exploitation in the next 30 days.
How do I fix CVE-2011-4800?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4800?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST