April 19th, 2024
CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files. This has been patched in v11.1.0. Customers using a DMZ in front of their main CrushFTP instance are protected with its protocol translation system it utilizes. (CREDIT:Simon Garrelou, of Airbus CERT)
All prior versions of CrushFTP were also affected by this most recent vulnerability.
CrushFTP v10 info: https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files. This has been patched in v11.1.0. Customers using a DMZ in front of their main CrushFTP instance are protected with its protocol translation system it utilizes. (CREDIT:Simon Garrelou, of Airbus CERT)
All prior versions of CrushFTP were also affected by this most recent vulnerability.
CrushFTP v10 info: https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
jpg |
minor_update.jpg | 356.6 kB | 1 | 05-Dec-2023 05:32 | Ada Csaba |
«
This particular version was published on 19-Apr-2024 05:27 by Ben Spink.
G’day (anonymous guest)
Log in
CrushFTP11 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI
JSPWiki