java漏洞曆史

内容來自以前收集的思維導圖，作者不明。

1.JDK漏洞

• 1.1.CVE-2012-4681

  https://www.freebuf.com/vuls/5485.html

  msf: exploit/multi/browser/java_jre17_jaxws

• 1.2.CVE-2012-0507

  https://blog.csdn.net/wcf1987/article/details/84368813

  msf: exploit/multi/browser/java_atomicreferencearray

• 1.3.CVE-2012-1723

  https://www.securityfocus.com/bid/53960

  msf: exploit/ulti/browser/java_verifier_field_access

• 1.4.CVE-2013-0422

  https://blog.csdn.net/wcf1987/article/details/84380363

  msf: exploit/multi/browser/java_jre17_jmxbean

2.中間件漏洞

2.1.Tomcat

• 2.1.1.CVE-2017-12617

  https://www.freebuf.com/vuls/150203.html

• 2.1.2.CVE-2018-11784

  http://zhutougg.com/2018/10/08/cve-2018-11784-tomcat-urltiao-zhuan-lou-dong/

2.2.JBoss

• 2.2.1.CVE-2010-1871

  msf: exploit/multi/http/jboss_seam_upload_exec

• 2.2.2.CVE-2010-0738

  msf: auxiliary/scanner/http/jboss_vulnscan

• 2.2.3.CVE-2013-6469

• 2.2.4.CVE-2017-7504

  http://gv7.me/articles/2018/CVE-2017-7504/

• 2.2.5.CVE-2017-12149

  https://www.cnblogs.com/Oran9e/p/7897102.html

• 2.2.6.反序列化

  https://www.seebug.org/vuldb/ssvid-89723

• 2.2.7.WebConsole/Invoker 代碼執行漏洞
• 2.2.8.JMXInvoker 代碼執行漏洞

2.3.Jetty

• 2.3.1.CVE-2005-3747

  URL編碼的反斜線源代碼暴露漏洞

  https://www.rapid7.com/db/vulnerabilities/http-jetty-jsp-source-disclosure

2.4.Jenkins

• 2.4.1.CVE-2018-1999002 任意檔案讀取漏洞

  https://paper.seebug.org/648/

• 2.4.2.CVE-2018-1000861

  https://xz.aliyun.com/t/3912

• 2.4.3.CVE-2017-1000353 反序列化指令執行

  https://xz.aliyun.com/t/179

• 2.4.4.CVE-2017-1000353

  https://ssd-disclosure.com/index.php/archives/3171

3.開發架構及元件漏洞

3.1.Struts架構

• 3.1.1.Struts2所有漏洞連結

  https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

• 3.1.2.指令執行漏洞

• S2-003/S2-005

  https://xz.aliyun.com/t/2323

• S2-009

  https://www.kingkk.com/2018/09/Struts2-指令-代碼執行漏洞分析系列-S2-008-S2-009/

• S2-012

  https://hub.docker.com/r/vulhub/s2-012/

• S2-013/S2-014

  https://xz.aliyun.com/t/2694

• S2-015

  https://github.com/vulhub/vulhub/tree/master/struts2/s2-015

• S2-016

  https://blog.csdn.net/u011721501/article/details/41735885

• S2-029

  https://www.iswin.org/2016/03/20/Struts2-S2-029漏洞分析/

• S2-032

  http://avfisher.win/archives/tag/s2-032

• S2-033

  https://blog.csdn.net/qq_29277155/article/details/51672877

• S2-036

• S2-037

  http://blog.nsfocus.net/struts2-s2-037-vulnerability-analysis/

• S2-045

  https://paper.seebug.org/247/

• S2-052

  https://paper.seebug.org/383/

• S2-053

  https://www.freebuf.com/vuls/147735.html

• S2-057

  http://blog.nsfocus.net/s2-075-protection-plan/

3.2.Spring架構

• 3.2.1.Spring所有漏洞連結

  https://pivotal.io/security

• 3.2.2.高危漏洞
• • 3.2.2.1.XXE

• cve-2013-4152

  https://pivotal.io/security/cve-2013-4152

• cve-2013-7315

  https://pivotal.io/security/cve-2013-7315

• CVE-2013-6429

  https://pivotal.io/security/cve-2013-6429

• CVE-2014-0054

  https://pivotal.io/security/cve-2014-0054

• CVE-2017-8040

  https://pivotal.io/security/cve-2017-8040

• CVE-2018-1259

  https://pivotal.io/security/cve-2018-1259

• CVE-2019-3774

  https://pivotal.io/security/cve-2019-3774

• CVE-2019-3773

  https://pivotal.io/security/cve-2019-3773

• CVE-2019-3772

  https://pivotal.io/security/cve-2019-3772

• • 3.2.2.2.XSS

• CVE-2013-6430

  https://pivotal.io/security/cve-2013-6430

• CVE-2014-1904

  https://pivotal.io/security/cve-2014-1904

• CVE-2018-1229

  https://pivotal.io/security/cve-2018-1229

• • 3.2.2.3.RCE

• CVE-2016-2173

  https://pivotal.io/security/cve-2016-2173

• CVE-2016-4977

  https://pivotal.io/security/cve-2016-4977

• CVE-2017-8045

  https://pivotal.io/security/cve-2017-8045

• CVE-2018-1270

  https://pivotal.io/security/cve-2018-1270

• CVE-2018-1260

  https://pivotal.io/security/cve-2018-1260

3.3.Play架構

• 3.3.1.所有漏洞連結

  https://www.playframework.com/security/vulnerability

• 3.3.2.高危漏洞

• Logback反序列化漏洞

  https://www.playframework.com/security/vulnerability/20170407-LogbackDeser

• CVE-2014-3630

  https://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity

3.4.Dubbo

• 3.4.1.反序列化指令執行漏洞

  https://shuimugan.com/bug/view?bug_no=188237

• 3.4.2.未授權通路

4.安全架構

4.1.OWASP ESAPI

• 4.1.1.注入

  Validator,Encoder

• 4.1.2.XSS

  Encoder

• 4.1.3.失效的身份認證和會話管理

  HTTPUtilities(Safe Upload)

• 4.1.4.不安全的直接對象引用

  AccessReferenceMap,AccessController

• 4.1.5.跨站請求僞造(CSRF)

  CSRF Token

• 4.1.6.安全配置錯誤

  EnterpriseSecurityException,HTTPUtils

• 4.1.7.不安全的加密存儲

  Authenticator,User,HTTPUtils

• 4.1.8.沒有限制的URL通路

  Encryptor

• 4.1.9.傳輸層保護不足

  HTTPUtils(Secure Cookie,Channel)

• 4.1.10.未驗證的重定向和轉發

  AccessController

4.2.Spring Security

• 4.2.1.重要元件
• SecurityContextHolder
• SecurityContext
• AuthenticationManager
• ProviderManager
• AuthenticationProvider
• Authentication
• GrantedAuthority
• UserDetails
• UserDetailsService
• 4.2.2.重要過濾器
• WebAsyncManagerIntegrationFilter
• SecurityContextPersistenceFilter
• HeaderWriterFilter
• CorsFilter
• LogoutFilter
• RequestCacheAwareFilter
• SecurityContextHolderAwareRequestFilter
• AnonymousAuthenticationFilter
• SessionManagementFilter
• ExceptionTranslationFilter
• FilterSecurityInterceptor
• UsernamePasswordAuthenticationFilter
• BasicAuthenticationFilter

4.3.Shiro