Posted by Timothy D. Morgan on Feb 21

Overview
Recently, an vulnerability in Java’s FTP URL handling code has been published which allows for protocol stream
injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP protocol. While technically interesting, the full impact of this
protocol stream injection has not been fully accounted for in existing public…