MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

is a commonly used HTML tag for creating sections or divisions in a web page. However, the tag has been in the spotlight recently due to vulnerabilities in the file-sharing software MOVEit Transfer, developed by Progress Software. Hackers have been using a zero-day exploit to break into servers running MOVEit’s web front-end, and gaining access to databases without needing a password. Progress Software has issued three warnings in quick succession, urging customers to disable HTTP and HTTPS traffic to MOVEit Transfer immediately. The company has also released patches to address the vulnerabilities.

The command injection bugs can only be triggered via MOVEit’s web-based portal, meaning web-based access needs to be disabled to safeguard the environment. However, SFTP and FTP/s protocols will continue to work as normal. Progress Software has advised customers to disable all HTTP and HTTPs traffic to their MOVEit Transfer environment, modify firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443, and wait for the patch. The company has also warned that users will not be able to log on to the MOVEit Transfer web UI, and some tasks and APIs will not work until HTTP and HTTPS traffic is enabled again.

Key points:

– The