CVE-2004-1675

Solarwinds Serv-u File Server - Improper Input Validation

Title source: rule

Description

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

Exploits (1)

exploitdb WORKING POC VERIFIED

by str0ke · cdoswindows

https://www.exploit-db.com/exploits/463

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17329

[Patch, Vendor Advisory] http://secunia.com/advisories/12507/

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/11155

[Mailing List] http://marc.info/?l=bugtraq&m=109495074211638&w=2

Scores

EPSS 0.0651

EPSS Percentile 91.1%

Details

CWE

CWE-20

Status published

Products (10)

solarwinds/serv-u_file_server 4.0.0.4

solarwinds/serv-u_file_server 4.1.0.0

solarwinds/serv-u_file_server 4.1.0.3

solarwinds/serv-u_file_server 5.0.0.0

solarwinds/serv-u_file_server 5.0.0.4

solarwinds/serv-u_file_server 5.0.0.9

solarwinds/serv-u_file_server 5.0.0.11

solarwinds/serv-u_file_server 5.1.0.0

solarwinds/serv-u_file_server 5.2.0.0

solarwinds/serv-u_file_server 5.2.0.1

Published Sep 11, 2004

Tracked Since Feb 18, 2026