CrushFTP 零日漏洞警报 - 立即修补
注意——CrushFTP中存在一个零日漏洞,正在被积极利用。如果您没有使用他们的DMZ代理设置,攻击者可以通过HTTPS远程获取管理员访问权限。受影响的版本包括10.8.5之前和11.3.4_23之前的版本。<p>该漏洞自7月中旬以来已在野外被利用。请尽快打补丁并检查您的日志!
查看原文
Heads up—there’s a zero-day in CrushFTP that’s being actively exploited. If you’re not using their DMZ proxy setup, attackers can remotely grab admin access via HTTPS. Versions before 10.8.5 and 11.3.4_23 are affected.<p>Already being used in the wild since mid-July. Patch ASAP and check your logs!