[我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability
2024-09-04 16:42:52
漏洞编号:CNVD-2017-36700
漏洞编号:CVE-2017-15708
漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache Synapse(CVE-2017-15708)远程命令执行漏洞分析]
// 今年年底抽出时间看Apache的Project,也顺利完成在年初的flag
Apache Synapse Remote Code Execution Vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1
Description:
Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions,
Apache Synapse 3.0.0 or all previous releases allows remote code execution attacks that can be performed by injecting specially crafted serialized objects.
Mitigation:
Upgrade to 3.0.1 version.
In Synapse 3.0.1 version, Commons Collection has been updated to 3.2.2 version which contains the fix for the above mentioned vulnerability.
Credit:
This issue was discovered by QingTeng cloud Security of Minded Security
Researcher jianan.huang
References:
https://commons.apache.org/proper/commons-collections/security-reports.html
https://nvd.nist.gov/vuln/detail/CVE-2017-15708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708
https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E
http://seclists.org/oss-sec/2017/q4/378
http://www.openwall.com/lists/oss-security/2017/12/10/4
最新文章
- Request.Form接收不到post数据.
- PHP 删除文件(图片)
- Rails : 产品环境(生产环境)的部署
- 权限管理:(RBAC)
- (三)Qt语言国际化
- Spring aop实现方式记录
- 关于MySQL Connector/C++那点事儿
- Ubuntu忘记管理员密码
- PHP - FTP上传文件类
- Android Property Animation 物业动画
- MongoDB 数据库引用
- linux虚拟机 在install yum时提示无法获得锁 var/lib/dekg/lock时该如何解决?
- 树莓派(Raspberry Pi)使用Shell编写的极简Service
- Mongodb--基础(连接,增删改查,数据类型)
- libsvm使用说明
- Vue02
- Python IDLE快捷键【转载合集】
- Python之路(三)
- 关于kv的jch分片存储
- 读书笔记|Windows 调试原理学习|持续更新