CVE-2011-4800

Solarwinds Serv-u File Server < 11.1.0.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by kingcope · textremotewindows

https://www.exploit-db.com/exploits/18182

View Code ZIP pw:eip

References (4)

[Various Sources] http://www.serv-u.com/releasenotes/

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html

[Vendor Advisory] http://secunia.com/advisories/47021

[Exploit] http://www.exploit-db.com/exploits/18182

Scores

EPSS 0.0161

EPSS Percentile 81.5%

Classification

CWE

CWE-22

Status draft

Affected Products (50)

solarwinds/serv-u_file_server < 11.1.0.3

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

solarwinds/serv-u_file_server

... and 35 more

Timeline

Published Dec 14, 2011

Tracked Since Feb 18, 2026