ID

VAR-201004-0065


CVE

CVE-2009-4815


TITLE

Serv-U Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-005130

DESCRIPTION

Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors. Serv-U File Server is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to harvest sensitive information that may lead to further attacks. Versions prior to SERV-U File Server 9.2.0.1 are vulnerable.

TITLE: Serv-U File Server Information Disclosure Vulnerability

SECUNIA ADVISORY ID: SA37847

VERIFY ADVISORY: http://secunia.com/advisories/37847/

DESCRIPTION: A vulnerability has been reported in Serv-U File Server, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose directories placed outside a user's root directory.

SOLUTION: Update to version 9.2.0.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/

Trust: 1.98

sources: NVD: CVE-2009-4815 // JVNDB: JVNDB-2010-005130 // BID: 37414 // PACKETSTORM: 84087

AFFECTED PRODUCTS

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.0.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.0.0.5

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.1.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.6

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 3.1.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.0.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.0.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.0.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.2.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.0.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.0.0.9

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 3.0.0.16

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.0.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.1.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.0.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.1.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.2.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.2.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 9.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.0.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.2.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.3.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.1.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.0.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 9.0.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.1.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.3.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 9.1.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 3.0.0.17

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.1.0.5

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.2.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 4.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.0.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.4.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.2.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 9.0.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 9.0.0.5

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.4.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.2.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.3.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.3.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.1.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.2.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.4.0.5

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 4.0.0.4

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.2.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.0.0.2

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 7.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 4.1.0.3

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.0.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 3.1.0.1

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.0.0.11

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 3.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 5.1.0.0

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 8.0.0.7

Trust: 1.0

vendor: solarwinds // model: serv-u file server // scope: eq // version: 6.3.0.0

Trust: 1.0

vendor: rhino // model: serv-u ftp server // scope: lt // version: 9.2.0.1

Trust: 0.8

vendor: serv u // model: serv-u // scope: eq // version: 7.1.0.0

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 9.0.0.5

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 9.1.0.0

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.0.0.2

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.0.0.3

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.0.0.4

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.0.0.1

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 9.0.0.3

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.1.0.2

Trust: 0.6

vendor: serv u // model: serv-u // scope: eq // version: 7.1.0.1

Trust: 0.6

vendor: serv u // model: file server // scope: eq // version: 9.1.0.4

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.1.0.2

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.1.0.0

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.0.0.5

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.0.0.3

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.0.0.1

Trust: 0.3

vendor: serv u // model: file server // scope: eq // version: 9.0.0.0

Trust: 0.3

vendor: serv u // model: file server // scope: ne // version: 9.2.0.1

Trust: 0.3

sources: BID: 37414 // JVNDB: JVNDB-2010-005130 // CNNVD: CNNVD-201004-431 // NVD: CVE-2009-4815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4815
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-4815
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201004-431
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2009-4815
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-005130 // CNNVD: CNNVD-201004-431 // NVD: CVE-2009-4815

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2010-005130 // NVD: CVE-2009-4815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-431

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201004-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005130

PATCH

title: Serv-U FTP Server Release Notes // url: http://www.serv-u.com/releasenotes/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005130

EXTERNAL IDS

db: NVD // id: CVE-2009-4815

Trust: 2.7

db: BID // id: 37414

Trust: 1.9

db: SECUNIA // id: 37847

Trust: 1.7

db: VUPEN // id: ADV-2009-3595

Trust: 1.6

db: JVNDB // id: JVNDB-2010-005130

Trust: 0.8

db: CNNVD // id: CNNVD-201004-431

Trust: 0.6

db: PACKETSTORM // id: 84087

Trust: 0.1

sources: BID: 37414 // JVNDB: JVNDB-2010-005130 // PACKETSTORM: 84087 // CNNVD: CNNVD-201004-431 // NVD: CVE-2009-4815

REFERENCES

url:http://www.serv-u.com/releasenotes/

Trust: 2.0

url:http://www.securityfocus.com/bid/37414

Trust: 1.6

url:http://secunia.com/advisories/37847

Trust: 1.6

url:http://www.vupen.com/english/advisories/2009/3595

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54932

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4815

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4815

Trust: 0.8

url:http://www.serv-u.com/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/37847/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: BID: 37414 // JVNDB: JVNDB-2010-005130 // PACKETSTORM: 84087 // CNNVD: CNNVD-201004-431 // NVD: CVE-2009-4815

CREDITS

Serv-U

Trust: 0.6

sources: CNNVD: CNNVD-201004-431

SOURCES

db: BID // id: 37414
db: JVNDB // id: JVNDB-2010-005130
db: PACKETSTORM // id: 84087
db: CNNVD // id: CNNVD-201004-431
db: NVD // id: CVE-2009-4815

LAST UPDATE DATE

2024-11-23T22:03:04.515000+00:00


SOURCES UPDATE DATE

db: BID // id: 37414 // date: 2015-04-13T21:05:00
db: JVNDB // id: JVNDB-2010-005130 // date: 2012-12-20T00:00:00
db: CNNVD // id: CNNVD-201004-431 // date: 2020-07-29T00:00:00
db: NVD // id: CVE-2009-4815 // date: 2024-11-21T01:10:31.897

SOURCES RELEASE DATE

db: BID // id: 37414 // date: 2009-12-18T00:00:00
db: JVNDB // id: JVNDB-2010-005130 // date: 2012-12-20T00:00:00
db: PACKETSTORM // id: 84087 // date: 2009-12-21T13:56:55
db: CNNVD // id: CNNVD-201004-431 // date: 2010-04-27T00:00:00
db: NVD // id: CVE-2009-4815 // date: 2010-04-27T15:30:00.703