Q
Problem solve Get help with specific problems with your technologies, process and projects.

How are FTP injection attacks carried out on Java and Python?

Vulnerabilities in Java and Python have opened them up to possible FTP injections. Expert Nick Lewis explains how enterprises can mitigate these attacks.

Java and Python were both found vulnerable to FTP injection attacks, as caused by XML external entity flaws. Oracle...

and Python have not released patches. What are the possible attack scenarios for FTP injections, and how can enterprises mitigate them?

File Transfer Protocol (FTP) is an unencrypted protocol. It was one of the earliest protocols developed for use on IP networks and is embedded in many types of devices using IP and different programming languages.

Information security was not a top concern when FTP was developed -- networks were much more trusting and were not as open as the current internet. This resulted in a legacy system that has largely been replaced by secure file transfer protocols and programming libraries that have at least gone through minimal security review.

Java was found vulnerable to an attack that enables an attacker to send spam or even directly connect to internal email servers using FTP libraries. The attack on Python uses an FTP injection to open TCP connections on a firewall. Both attacks require code execution on the vulnerable server and passing on arbitrary data when an FTP connection is setup.

Timothy Morgan, founder of Blindspot Security, described several scenarios that enable attackers to bypass firewall settings, such as triggering Java Web Start to run by using Java Network Launch Protocol files containing malicious FTP URLs, using a man-in-the-middle attack and using server-side request forgery.

Enterprises can mitigate the risk from FTP injection vulnerabilities by implementing a secure software development lifecycle, which offers several benefits: code for weeding out malicious inputs to prevent security vulnerabilities; code published on web servers being vetted to ensure it's from a trusted developer; and using secure network protocols, like HTTPS or Secure File Transfer Protocol.

When an enterprise runs code or any application, including web applications, it must be able to trust that the code isn't malicious and exploiting a vulnerability in how a protocol is processed. These mitigations must be built on top of a secure operating system and application environment to be most effective.

Using an encrypted connection also minimizes the chance that the network traffic will be altered with malicious commands, such as from an FTP injection.

Next Steps

Learn what irregular occurrences to look out for when monitoring outbound network traffic

Find out how to pick a secure file transfer product for use in your enterprise

Read how open FTP servers can be protected from the Miner-C malware infection

This was last published in July 2017

Dig Deeper on Application firewall security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your enterprise improve security around older protocols like FTP?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close