CVE-2009-4006 [Critical] | Memory Corruption in Serv-U File Server

CVE-2009-4006 is rated High Exploit Risk (91.5/100): CVSS Critical severity, with high exploitation likelihood (EPSS 77.87%, 99th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.84% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
16775	exploit_db	edb	2010-03-10	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

16775

exploit_db

edb

2010-03-10

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-04	76.02%	77.87%	+1.84%
2	2026-03-01	77.87%	76.02%	-1.84%
3	2026-02-04	—	77.87%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-03-04

76.02%

77.87%

+1.84%

2026-03-01

77.87%

76.02%

-1.84%

2026-02-04

—

77.87%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

Affected software / configurations for CVE-2009-4006

Vendor	Product	Version	Raw CPE
solarwinds	serv-u_file_server	7.0.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:::::::*
solarwinds	serv-u_file_server	7.0.0.2	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:::::::*
solarwinds	serv-u_file_server	7.0.0.3	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:::::::*
solarwinds	serv-u_file_server	7.0.0.4	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:::::::*
solarwinds	serv-u_file_server	7.1.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:::::::*
solarwinds	serv-u_file_server	7.1.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:::::::*
solarwinds	serv-u_file_server	7.1.0.2	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:::::::*
solarwinds	serv-u_file_server	7.2.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:::::::*
solarwinds	serv-u_file_server	7.2.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:::::::*
solarwinds	serv-u_file_server	7.3.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:::::::*
solarwinds	serv-u_file_server	7.3.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:::::::*
solarwinds	serv-u_file_server	7.3.0.2	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:::::::*
solarwinds	serv-u_file_server	7.4.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:::::::*
solarwinds	serv-u_file_server	7.4.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:::::::*
solarwinds	serv-u_file_server	8.0.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:::::::*
solarwinds	serv-u_file_server	8.0.0.2	cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:::::::*
solarwinds	serv-u_file_server	8.0.0.4	cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:::::::*
solarwinds	serv-u_file_server	8.0.0.5	cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:::::::*
solarwinds	serv-u_file_server	8.0.0.7	cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:::::::*
solarwinds	serv-u_file_server	8.1.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:::::::*
solarwinds	serv-u_file_server	8.1.0.3	cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:::::::*
solarwinds	serv-u_file_server	8.2.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:::::::*
solarwinds	serv-u_file_server	8.2.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:::::::*
solarwinds	serv-u_file_server	8.2.0.3	cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:::::::*
solarwinds	serv-u_file_server	9.0.0.1	cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:::::::*
solarwinds	serv-u_file_server	9.0.0.3	cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:::::::*
solarwinds	serv-u_file_server	9.0.0.5	cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:::::::*
solarwinds	serv-u_file_server	9.1.0.0	cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:::::::*

References for CVE-2009-4006

URL	Tags
http://secunia.com/advisories/37228	Vendor Advisory
http://secunia.com/secunia_research/2009-46/	Vendor Advisory
http://www.osvdb.org/60427
http://www.securityfocus.com/archive/1/507955/100/0/threaded
http://www.securityfocus.com/bid/37051
http://www.securitytracker.com/id?1023199
http://www.serv-u.com/releasenotes/
http://www.vupen.com/english/advisories/2009/3277	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142

URL

CVE-2009-4006

Public exploit references (Exploit-DB) for CVE-2009-4006

Exploit prediction scoring system (EPSS) score for CVE-2009-4006

Common vulnerability scoring system (CVSS) metrics for CVE-2009-4006

Weakness enumeration for CVE-2009-4006

Affected software / configurations for CVE-2009-4006

References for CVE-2009-4006