(personal) sorting out system vulnerabilities after recent project development
2022-04-23 13:01:00 【His Highness the peach blossom demon】
| Operating system | Host tag | Vulnerability name | Vulnerability type | Threat level | Details | Last scan time | Status | Vulnerability description | Remediation | Reference link | Disclosure time | CVE number | CVSS score |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux64_Linux.x86_64 | | Spring Framework Reflected File Download vulnerability (CVE-2020-5421) | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/spring-core-4.3.12.RELEASE.jar, version: 4.3.12 | 2022/2/7 0:34 | To be fixed | VMware Tanzu issued a security bulletin disclosing a Reflected File Download (RFD) vulnerability, CVE-2020-5421, in Spring Framework versions 5.2.0-5.2.8, 5.1.0-5.1.17, 5.0.0-5.0.18, 4.3.0-4.3.28 and older unsupported versions. CVE-2020-5421 bypasses the existing RFD protection through the jsessionid path parameter; that RFD protection had been added in response to CVE-2015-5211. An attacker sends the user a URL with a batch-script extension, causing the user to download and execute a file and thereby compromising the user's system. VMware Tanzu has released a new version that fixes the vulnerability. Spring Framework is an open-source full-stack application framework and inversion-of-control container for the Java platform, commonly referred to simply as Spring. | A fixed version has been released; affected users are advised to upgrade and apply protections as soon as possible. Download: https://github.com/spring-projects/spring-framework/releases | https://s.tencent.com/research/report/1131.html | 2020/9/21 0:00 | CVE-2020-5421 | 6.5 |
| linux64_Linux.x86_64 | | Oracle MySQL JDBC XXE vulnerability (CVE-2021-2471) | Application vulnerability | Medium | /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/mysql-connector-java-5.1.47.jar: 5.1.47 | 2022/2/7 0:34 | To be fixed | mysql-connector-java versions below 8.0.27 contain an XXE vulnerability that allows a remote attacker to read arbitrary files or crash the program. | Upgrade MySQL JDBC (the mysql-connector-java jar) to 8.0.27 or later. Official download: https://dev.mysql.com/downloads/connector/j/ | https://s.tencent.com/research/report/124 | 2021/10/21 0:00 | CVE-2021-2471 | 5.9 |
| linux64_Linux.x86_64 | | Linux polkit local privilege escalation vulnerability (CVE-2021-4034) | Application vulnerability | High | Linux polkit version 0.112-26.el7 is vulnerable | 2022/2/9 9:44 | Fixed | A foreign security team recently published an advisory disclosing a local privilege escalation vulnerability in polkit's pkexec program. pkexec is a setuid tool designed to let unprivileged users run commands as privileged users according to predefined policies. Because the current version of pkexec does not handle the argument count correctly, it ends up trying to execute an environment variable as a command. An attacker who controls environment variables can induce pkexec to execute arbitrary code; successful exploitation lets an unprivileged user gain administrator privileges. | 1. If the software cannot be upgraded, remove the SUID bit from pkexec to avoid the risk: chmod 0755 /usr/bin/pkexec. 2. CentOS 7 users can fix it with yum update polkit; CentOS 5, 6 and 8 have reached end of life (EOL) and their use is discouraged. 3. Red Hat users are advised to contact Red Hat for the security repair source and then run yum update polkit. 4. Ubuntu 18.04 LTS and Ubuntu 20.04 LTS users can fix it with sudo apt-get install policykit-1; Ubuntu 14.04, 16.04 and 12.04 have reached EOL, fixes require the paid Ubuntu ESM (Extended Security Maintenance) service, and their use is discouraged. | http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202201-2343 | 2022/1/26 0:00 | CVE-2021-4034 | 7.8 |
| linux64_Linux.x86_64 | | Jackson-databind deserialization vulnerability (CVE-2021-20190) | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/jackson-databind-2.8.10.jar, version: 2.8.10 | 2022/2/7 0:34 | To be fixed | On January 19, 2021, the jackson-databind project issued a security notice disclosing a deserialization vulnerability in jackson-databind < 2.9.10.6 that could lead to remote code execution. | Upgrade to a safe version: jackson-databind >= 2.9.10.7 | https://s.tencent.com/research/report/1232.html | 2021/1/19 0:00 | CVE-2021-20190 | 8.1 |
| linux64_Linux.x86_64 | | Jackson-databind deserialization vulnerability (CVE-2020-36179 etc.) | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/jackson-databind-2.8.10.jar, version: 2.8.10 | 2022/2/7 0:34 | To be fixed | On January 7, 2021, the jackson-databind project issued a security notice disclosing multiple deserialization remote code execution vulnerabilities (CVE-2020-36179 ~ CVE-2020-36189) in jackson-databind < 2.9.10.8. An attacker exploiting them can execute code remotely and take control of the server. | Upgrade to 2.9.10.8 or later | https://s.tencent.com/research/report/1217.html | 2021/1/7 0:00 | CVE-2020-36179 ~ CVE-2020-36189 | 8.1 |
| linux64_Linux.x86_64 | | Jackson remote code execution vulnerability (CVE-2020-35728) | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/jackson-databind-2.8.10.jar, version: 2.8.10 | 2022/2/7 0:34 | To be fixed | On December 27, 2020, the jackson-databind project issued a security notice disclosing a deserialization remote code execution vulnerability (CVE-2020-35728) in jackson-databind < 2.9.10.8. An attacker exploiting it can execute code remotely and take control of the server. If the enableDefaultTyping() method is not used, the vulnerability can be ignored. | Safe versions: jackson-databind >= 2.9.10.8 (not yet available), jackson-databind >= 2.10.0. Mitigations: 1. The official patch has not been released yet; customers are advised to use jackson-databind > 2.10, which uses activateDefaultTyping(), where configuring a whitelist completely eliminates this class of risk (whitelist configuration: https://s.tencent.com/research/bsafe/1209.html). 2. Where jackson-databind cannot be upgraded, removing the affected jar component from the application's dependencies prevents exploitation (at the risk of making the application unavailable). | https://s.tencent.com/research/report/1209.html | 2020/12/28 0:00 | CVE-2020-35728 | 8.1 |
| linux64_Linux.x86_64 | | Jackson remote code execution vulnerability (CVE-2020-35490 etc.) | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/jackson-databind-2.8.10.jar, version: 2.8.10 | 2022/2/7 0:34 | To be fixed | On December 17, 2020, the jackson-databind project issued a security notice disclosing deserialization remote code execution vulnerabilities (CVE-2020-35490/CVE-2020-35491) in jackson-databind < 2.9.10.8. An attacker exploiting them can take control of the server. | Safe versions: jackson-databind >= 2.9.10.8 (not yet available), jackson-databind >= 2.10.0 | https://s.tencent.com/research/report/1205.html | 2020/12/19 0:00 | CVE-2020-35490/CVE-2020-35491 | 8.1 |
| linux64_Linux.x86_64 | | Fastjson remote code execution vulnerability | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/fastjson-1.2.39.jar, version: 1.2.39 | 2022/2/7 0:34 | To be fixed | Recently (June 22, 2019), Fastjson was found to have a remote code execution vulnerability that can directly yield server privileges. No official announcement explaining it has been issued yet; the vulnerability was studied by internal security staff. The impact is wide, and developers should upgrade promptly. | Upgrade to 1.2.51 or later; keeping the latest version is recommended | https://github.com/alibaba/fastjson/issues/2513 | 2019/6/22 0:00 | | 9.8 |
| linux64_Linux.x86_64 | | Fastjson remote code execution vulnerability | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/fastjson-1.2.39.jar, version: 1.2.39 | 2022/2/7 0:34 | To be fixed | FastJSON has a deserialization vulnerability when deserializing JSON, which can lead to remote command execution. | 1. Upgrade to 1.2.42 or later; 2. Intercept the `@type` keyword in requests; Tencent Cloud Website Guardian is recommended | https://github.com/alibaba/fastjson/tags | 2017/12/12 0:00 | | 9.8 |
| linux64_Linux.x86_64 | | Fastjson remote code execution vulnerability | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/fastjson-1.2.39.jar, version: 1.2.39 | 2022/2/7 0:34 | To be fixed | FastJSON has a deserialization vulnerability when deserializing JSON, which can lead to remote command execution. | 1. Upgrade to 1.2.48 or later; 2. Intercept the `@type` keyword in requests; Tencent Cloud Website Guardian is recommended | https://github.com/alibaba/fastjson/wiki/security_update_20170315 | 2019/7/30 0:00 | | 9.8 |
| linux64_Linux.x86_64 | | Fastjson remote code execution vulnerability | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/fastjson-1.2.39.jar, version: 1.2.39 | 2022/2/7 0:34 | To be fixed | Fastjson versions below 1.2.69 have a remote code execution vulnerability; attackers can use it to obtain server privileges, posing a serious risk to server security. | Upgrade to 1.2.69 or later | https://cloud.tencent.com/announce/detail/1112?from=timeline&isappinstalled=0 | 2020/5/28 0:00 | | 9.8 |
| linux64_Linux.x86_64 | | Fastjson deserialization remote code execution vulnerability | Application vulnerability | High | Path: /home/apache-tomcat-8.0.45/webapps/api/WEB-INF/lib/fastjson-1.2.39.jar, version: 1.2.39 | 2022/2/7 0:34 | To be fixed | fastjson relies on a blacklist to prevent deserialization vulnerabilities, so as attackers keep discovering new exploitable deserialization gadget classes the blacklist defense is easily bypassed and the deserialization vulnerability reappears. fastjson users are reminded to take security measures promptly. Affected versions: fastjson < 1.2.61; safe version: fastjson >= 1.2.61. Since 1.2.5X fastjson disables autotype by default; the default configuration is not affected, and in that case this vulnerability can be ignored. | Upgrade to a safe version; download: https://repo1.maven.org/maven2/com/alibaba/fastjson/ | https://github.com/alibaba/fastjson/releases/tag/1.2.61?spm=a2c4g.11174386.n2.4.1ac21051dKzZoe&file=1.2.61 | 2019/9/20 0:00 | | 9.2 |
| linux64_Linux.x86_64 | | Apache Tomcat file inclusion vulnerability (CVE-2020-1938) | Application vulnerability | High | Tomcat vulnerability: /home/apache-tomcat-8.0.45/lib/catalina.jar (version 8.0.45) | 2022/2/7 0:34 | To be fixed | Apache Tomcat file inclusion vulnerability (CVE-2020-1938). Because of an implementation flaw in the Tomcat AJP protocol, related parameters are attacker-controllable; by constructing specific parameters an attacker can read any file under the server's webapp. If the server also has a file upload function, an attacker can go further to remote code execution, posing a serious risk to the server. | Upgrade to the following versions: Tomcat 6 should be upgraded to the corresponding secure Tomcat 7/8/9 version; Tomcat 7 to 7.0.100; Tomcat 8 to 8.5.51; Tomcat 9 to 9.0.31. | https://www.cnblogs.com/r00tuser/p/12343153.html | 2020/2/20 0:00 | CVE-2020-1938 | 9.8 |
Copyright notice
This article was written by [His Highness the peach blossom demon]; please include the original link when reposting, thank you.
https://yzsam.com/2022/04/202204231258434722.html