Security Advisory Description
- This vulnerability impacts Cerberus FTP Server Enterprise deployments using HTTP(S) listeners with Public Sharing enabled.
- Non-Enterprise editions of Cerberus are not affected, as the HTTP(S) protocols are only a feature of the Enterprise edition.
- Other transfer protocols, such as FTP, SFTP, and FTPS, are unaffected.
Known Affected Versions
- 11.0 releases prior to 11.0.1
- 10.0 releases prior to 10.0.17
- 9.0 and older are out of support and no longer receiving updates. It is unknown whether issues in this advisory affect them.
This issue is addressed in versions 11.0.1 and 10.0.17. Cerberus administrators are encouraged to upgrade to these versions or higher as soon as possible.
Until the upgrade is complete, Cerberus administrators may mitigate the issue by disabling all public sharing or by removing the Public Share permissions from individual virtual directories.
- All public sharing may be disabled through the admin console at User Manager > Public Shares > Disable All Public Sharing.
- Public Upload Share and Public Download Share permissions may be edited through User Manager > User or Group > Virtual Directories.