PT-2013-66: Cross-Site Request Forgery (CSRF) in Serv-U File Server Vulnerable softwareServ-U File Server Version: 15.1.0.480 and earlierLink: http://www.serv-u.com/Severity levelSeverity level: Medium Impact: Cross-Site Request Forgery Access Vector: Remote CVSS v2: Base Score: 6.8 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)CVE: not assignedSoftware descriptionServ-U File Server is a Windows and Linux based multi-protocol FTP, HTTP and SFTP file server.Vulnerability descriptionThe specialists of the Positive Research center have detected a Cross-Site Request Forgery vulnerability in Serv-U File Server.All kinds of web interfaces are vulnerable to Cross-Site Request Forgery (CSRF) attacks. The vulnerability allows an attacker to modify the system configuration.How to fixNo solutionAdvisory status 02.10.2013 - Vulnerability details were sent to CERT 31.07.2014 - Public disclosureCreditsThe vulnerability was detected by Sergey Bobrov, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2013-66 Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/