A valid CSRF token is present in response to an invalid request 

(CVE-2021-35242)

Summary

The Serv-U server responds with a valid CSRF token when the request contains only the Session.

Affected Products

  • Serv-U 15.2.4 HF1 and previous versions

Fixed Software Release

  • Serv-U 15.2.5

Advisory Details

Severity

8.3 High

Advisory ID

First Published

12/03/2021

Last Updated

12/03/2021

Fixed Version

Serv-U 15.2.5

CVSS Score

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H