Only the Enterprise Editions of Cerberus FTP Server are affected, as the HTTP/S protocol feature is only included in the Enterprise Editions. The issue requires a user with virtual directory permissions of “zip” and/or “unzip”. Only WebClient, which uses the HTTP/S protocols, is affected by this vulnerability. FTP, SFTP, and FTPS are unaffected.

An authenticated user is able to use the “Zip or Unzip” functionality to disclose the full path of the location where files are stored for that user. Given a secondary exploit that requires knowledge of where files are being placed onto a computer to function, this issue may provide an attack surface to a hostile authenticated user.

We have been unable to find evidence of active exploitation of this vulnerability or any proof-of-concept implementations.