Vendor: TFTP Server
By: Unknown
CVSS: 5 (MEDIUM)
Vulnerability: Arbitrary File Retrieval
CWE: 22
Product Name: TFTP Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2003-0361
CPE: a:solarwinds:tftp_server
Platforms Tested: Windows
2003

SolarWinds TFTP Server Arbitrary File Retrieval Vulnerability

The SolarWinds TFTP Server does not properly handle user-supplied input. As a result, a remote user can request arbitrary files from the vulnerable server and download any file readable with the permissions of the TFTP Server user.

Mitigation:

Upgrade to a version not affected by this vulnerability. Using different TFTP server software is recommended.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6045/info

SolarWinds TFTP Server is distributed for the Microsoft Windows platform.

The SolarWinds TFTP Server does not properly handle user-supplied input. As a result, a remote user can request arbitrary files from the vulnerable server and download any file readable with the permissions of the TFTP Server user.

tftp example.com GET a\..\..\winnt\repair\sam
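
For anyone evaluating replacement TFTP software, the following added example (not SolarWinds code and not part of the original advisory) shows the filename check a server should apply to a read request before opening anything. The root directory `C:\TFTP-Root` and the function names are assumptions; the check is lexical only and does not resolve junctions or symbolic links.

```python
import ntpath  # Windows path rules; works on any OS for this lexical check
import struct
from typing import Optional, Tuple

TFTP_ROOT = r"C:\TFTP-Root"  # assumed served directory (hypothetical)


def parse_rrq(packet: bytes) -> Tuple[str, str]:
    """Parse a TFTP read request (RFC 1350): opcode 1, filename NUL, mode NUL."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode != 1:
        raise ValueError("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("malformed read request")
    return fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def resolve_in_root(filename: str, root: str = TFTP_ROOT) -> Optional[str]:
    """Return the normalized path if it stays strictly under root, else None."""
    name = filename.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return None  # drive letters, UNC paths and rooted paths are refused
    # Collapse "." and ".." segments before comparing against the root.
    candidate = ntpath.normpath(ntpath.join(root, name))
    root_key = ntpath.normcase(ntpath.normpath(root))
    # The trailing separator stops a sibling such as C:\TFTP-Root2 from matching.
    if not ntpath.normcase(candidate).startswith(root_key + "\\"):
        return None
    return candidate


def handle_rrq(packet: bytes, root: str = TFTP_ROOT) -> Tuple[str, str]:
    """Return ("serve", path) or ("error", message) for one request."""
    try:
        filename, _mode = parse_rrq(packet)
    except ValueError as exc:
        return ("error", str(exc))
    path = resolve_in_root(filename, root)
    if path is None:
        return ("error", "Access violation")  # TFTP error code 2
    return ("serve", path)


if __name__ == "__main__":
    # Constructed sample requests: the filename from this advisory and a normal one.
    for name in (r"a\..\..\winnt\repair\sam", "configs/router1.cfg"):
        print(name, "->", handle_rrq(b"\x00\x01" + name.encode() + b"\x00octet\x00"))
```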