CrushFTP 零日漏洞预警——立即修补
2 分•作者: oceanstack•5 个月前
注意:CrushFTP 存在一个零日漏洞,目前正被积极利用。如果您未使用他们的 DMZ 代理设置,攻击者可以通过 HTTPS 远程获取管理员访问权限。受影响的版本包括 10.8.5 之前和 11.3.4_23 之前的版本。
该漏洞自 7 月中旬以来已在野外被利用。请尽快修补并检查您的日志!
查看原文
Heads up—there’s a zero-day in CrushFTP that’s being actively exploited. If you’re not using their DMZ proxy setup, attackers can remotely grab admin access via HTTPS. Versions before 10.8.5 and 11.3.4_23 are affected.<p>Already being used in the wild since mid-July. Patch ASAP and check your logs!