Source |
Network World |
Identifiant |
319486 |
Date de publication |
2017-02-21 09:52:32 (vue: 2017-02-21 09:52:32) |
Titre |
Java and Python FTP attacks can punch holes through firewalls |
Texte |
The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.To read this article in full or to leave a comment, please click here |
Envoyé |
Oui |
Condensat |
about access alexander allow application applications article attack attackers attacks can click comment connections crafted directory disclose disclosed emails entity even exploited exploiting ext external fail feeding files firewalls force form ftp ftp://user:password@host:port/file full here holes information initiate interesting java klink leave listings local networks parse parser please potentially processes properly punch python read remote researcher running runtime runtimes same saturday security send sensitive server servers showed specially such through trick tricking type urls used validate vulnerabilities vulnerability where which would xml xxe |
Tags |
|
Stories |
|
Notes |
|
Move |
|