Firewall bypass due to Java/Python FTP Injections

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Firewall bypass due to Java/Python FTP Injections

Hi. Reading the article below on firewall bypass I was wondering if Palo Alto Networks by default blocks active FTP connections.

 

http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

 

That would mitigate the threat. Anyone an idea?

2 accepted solutions

Accepted Solutions

L5 Sessionator

content 667 was released:

 

Notes:

Palo Alto Networks has released a content update to add coverage for FTP Java/Python FTP Injection vulnerability as discussed in the security advisory [1]. Customers are advised to upgrade all devices to Content Apps and Threats Version 667-3876 or later and review policies to ensure desired actions are configured on all security policies. References [1] - http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

 

I can find FIVE "Java/Python FTP Injection Vulnerability" vulnerability signatures in it.

 

View solution in original post

I check in PANW Threat Vault has update Content Apps and Threats Version 667-3876 for FTP Java/Python FTP Injection vulnerability already. Thank you for information.

 

3-2-2017 1-46-35 PM.jpg

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

If you don't have a security policy that would allow FTP sessions into your network then it would be blocked, if you for some reason have any 'any any' rule from your trust to untrust then the session would be allowed. 

Yes i understand about we can blocking with don't use allow FTP in security policy but if someone want to use policy ftp for allow FTP service to untrust or any zone. I think firewall should have a FTP Injections signature to protect this vulnerability.

L5 Sessionator

content 667 was released:

 

Notes:

Palo Alto Networks has released a content update to add coverage for FTP Java/Python FTP Injection vulnerability as discussed in the security advisory [1]. Customers are advised to upgrade all devices to Content Apps and Threats Version 667-3876 or later and review policies to ensure desired actions are configured on all security policies. References [1] - http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

 

I can find FIVE "Java/Python FTP Injection Vulnerability" vulnerability signatures in it.

 

I check in PANW Threat Vault has update Content Apps and Threats Version 667-3876 for FTP Java/Python FTP Injection vulnerability already. Thank you for information.

 

3-2-2017 1-46-35 PM.jpg

  • 2 accepted solutions
  • 4149 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!