A valid CSRF token is present in response to an invalid request (CVE-2021-35242)

Summary

The Serv-U server responds with a valid CSRF token when the request contains only the Session.

Affected Products

  • Serv-U 15.2.4 HF1 and previous versions

Fixed Software Release

  • Serv-U 15.2.5

Advisory Details

  • Severity: High
  • Advisory ID:
  • First Published: 12/03/2021
  • Last Updated: 12/03/2021
  • Fixed Version: Serv-U 15.2.5
  • CVSS Score: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
