CVE-2023-2990: Is EFT susceptible to the "Denial of service via recursive Deflate Stream" vulnerability?

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service.


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v8.0.0.38 and 8.0.x
  • This is fixed in EFT v8.1.0.16

QUESTION

Is EFT susceptible to the “Denial of service via recursive Deflate Stream” vulnerability?

ANSWER

Yes, you can be vulnerable if you are:

  • Administering EFT remotely
  • Allowing EFT remote administration to be initiated from the Internet
  • Using the default port
  • Not whitelisting trusted IPs

MORE INFORMATION

Sending a recursively compressed packet (a “quine”) to the administration port can crash EFT. This can be mitigated by limiting access to EFT administration at the network level. You may be affected if you allow remote administration of EFT to be initiated from the internet. As stated in our best practices, do not expose port 1100 to the internet, and always whitelist trusted IPs. The most secure method is to disallow remote administration outside of the host EFT server and only log in via localhost (::1 or 127.0.0.1).
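The recursion the advisory describes, shown as an added example that is not Globalscape's code: a naive "inflate while it still looks compressed" loop beside a bounded version that refuses a payload once it exceeds a depth budget, inflates past a size budget, or inflates to itself (the quine case). EFT's actual administration wire format is not documented here, so the example assumes plain zlib-wrapped deflate and constructed budgets (MAX_DEPTH, MAX_OUTPUT).

```python
import zlib

# Constructed budgets: nested layers to unwrap, and inflated bytes accepted per layer.
MAX_DEPTH = 8
MAX_OUTPUT = 1 << 16

class UnsafeCompressedMessage(ValueError):
    pass  # the message would exhaust the decompressor (depth, size, or self-inflating)

def looks_like_zlib(buf: bytes) -> bool:
    # zlib header: CM nibble == 8 (deflate) and CMF*256+FLG divisible by 31
    if len(buf) < 2:
        return False
    return (buf[0] & 0x0F) == 8 and ((buf[0] << 8) | buf[1]) % 31 == 0

def unwrap_naive(message: bytes) -> bytes:
    # The pattern the advisory describes: keep inflating while the payload still
    # looks compressed. A deflate quine inflates to itself, so it never stops
    # looking compressed: RecursionError here, stack exhaustion in a native service.
    if looks_like_zlib(message):
        return unwrap_naive(zlib.decompress(message))
    return message

def inflate_bounded(data: bytes) -> bytes:
    # Inflate one layer; output above MAX_OUTPUT is refused (zlib.error propagates).
    d = zlib.decompressobj()
    out = d.decompress(data, MAX_OUTPUT + 1)  # max_length halts inflation early
    if len(out) > MAX_OUTPUT:
        raise UnsafeCompressedMessage("inflated size exceeds budget")
    if not d.eof or d.unused_data:
        raise UnsafeCompressedMessage("truncated stream or trailing bytes")
    return out

def unwrap_bounded(message: bytes, max_depth: int = MAX_DEPTH) -> bytes:
    # Hardened form: a depth budget plus a fixed-point check stops the quine.
    current, depth = message, 0
    while looks_like_zlib(current):
        if depth >= max_depth:
            raise UnsafeCompressedMessage(f"more than {max_depth} nested layers")
        inflated = inflate_bounded(current)
        if inflated == current:  # layer inflates to itself: a deflate quine
            raise UnsafeCompressedMessage("layer inflates to itself")
        current, depth = inflated, depth + 1
    return current

def wrap(payload: bytes, layers: int) -> bytes:
    # Constructed test input: compress the payload `layers` times.
    for _ in range(layers):
        payload = zlib.compress(payload)
    return payload
```

The fixed-point check alone is not enough, since an attacker can also nest ordinary layers arbitrarily deep; the depth and size budgets are what keep the decompressor's work proportional to what the service is willing to accept.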


Last Modified: Last Week

Last Modified By: kmarsh

Type: HOTFIX
