Security News > 2017 > February > Java, Python FTP Injection Attacks Bypass Firewalls (Threatpost)

2017-02-23 14:19
Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.
News URL
http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/123858/
Related news
- Fortinet discloses second firewall auth bypass patched in January (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Palo Alto firewalls under attack as miscreants chain flaws for root access (source)
- Palo Alto Networks tags new firewall bug as exploited in attacks (source)
- Defending against EDR bypass attacks (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)