The content comes from a mind map collected earlier; the author is unknown.
1.JDK vulnerabilities
-
1.1.CVE-2012-4681
https://www.freebuf.com/vuls/5485.html
msf: exploit/multi/browser/java_jre17_jaxws
-
1.2.CVE-2012-0507
https://blog.csdn.net/wcf1987/article/details/84368813
msf: exploit/multi/browser/java_atomicreferencearray
-
1.3.CVE-2012-1723
https://www.securityfocus.com/bid/53960
msf: exploit/multi/browser/java_verifier_field_access
-
1.4.CVE-2013-0422
https://blog.csdn.net/wcf1987/article/details/84380363
msf: exploit/multi/browser/java_jre17_jmxbean
2.Middleware vulnerabilities
2.1.Tomcat
-
2.1.1.CVE-2017-12617
https://www.freebuf.com/vuls/150203.html
-
2.1.2.CVE-2018-11784
http://zhutougg.com/2018/10/08/cve-2018-11784-tomcat-urltiao-zhuan-lou-dong/
2.2.JBoss
-
2.2.1.CVE-2010-1871
msf: exploit/multi/http/jboss_seam_upload_exec
-
2.2.2.CVE-2010-0738
msf: auxiliary/scanner/http/jboss_vulnscan
- 2.2.3.CVE-2013-6469
-
2.2.4.CVE-2017-7504
http://gv7.me/articles/2018/CVE-2017-7504/
-
2.2.5.CVE-2017-12149
https://www.cnblogs.com/Oran9e/p/7897102.html
-
2.2.6.Deserialization
https://www.seebug.org/vuldb/ssvid-89723
- 2.2.7.WebConsole/Invoker code execution vulnerability
- 2.2.8.JMXInvoker code execution vulnerability
2.3.Jetty
-
2.3.1.CVE-2005-3747
URL-encoded backslash source code disclosure vulnerability
https://www.rapid7.com/db/vulnerabilities/http-jetty-jsp-source-disclosure
2.4.Jenkins
-
2.4.1.CVE-2018-1999002 arbitrary file read vulnerability
https://paper.seebug.org/648/
-
2.4.2.CVE-2018-1000861
https://xz.aliyun.com/t/3912
-
2.4.3.CVE-2017-1000353 deserialization command execution
https://xz.aliyun.com/t/179
-
2.4.4.CVE-2017-1000353
https://ssd-disclosure.com/index.php/archives/3171
3.Development framework and component vulnerabilities
3.1.Struts framework
-
3.1.1.Link to all Struts2 vulnerabilities
https://cwiki.apache.org/confluence/display/WW/Security+Bulletins
- 3.1.2.Command execution vulnerabilities
-
S2-003/S2-005
https://xz.aliyun.com/t/2323
-
S2-009
https://www.kingkk.com/2018/09/Struts2-指令-代碼執行漏洞分析系列-S2-008-S2-009/
-
S2-012
https://hub.docker.com/r/vulhub/s2-012/
-
S2-013/S2-014
https://xz.aliyun.com/t/2694
-
S2-015
https://github.com/vulhub/vulhub/tree/master/struts2/s2-015
-
S2-016
https://blog.csdn.net/u011721501/article/details/41735885
-
S2-029
https://www.iswin.org/2016/03/20/Struts2-S2-029漏洞分析/
-
S2-032
http://avfisher.win/archives/tag/s2-032
-
S2-033
https://blog.csdn.net/qq_29277155/article/details/51672877
- S2-036
-
S2-037
http://blog.nsfocus.net/struts2-s2-037-vulnerability-analysis/
-
S2-045
https://paper.seebug.org/247/
-
S2-052
https://paper.seebug.org/383/
-
S2-053
https://www.freebuf.com/vuls/147735.html
-
S2-057
http://blog.nsfocus.net/s2-075-protection-plan/
3.2.Spring framework
-
3.2.1.Link to all Spring vulnerabilities
https://pivotal.io/security
- 3.2.2.High-risk vulnerabilities
-
- 3.2.2.1.XXE
-
CVE-2013-4152
https://pivotal.io/security/cve-2013-4152
-
CVE-2013-7315
https://pivotal.io/security/cve-2013-7315
-
CVE-2013-6429
https://pivotal.io/security/cve-2013-6429
-
CVE-2014-0054
https://pivotal.io/security/cve-2014-0054
-
CVE-2017-8040
https://pivotal.io/security/cve-2017-8040
-
CVE-2018-1259
https://pivotal.io/security/cve-2018-1259
-
CVE-2019-3774
https://pivotal.io/security/cve-2019-3774
-
CVE-2019-3773
https://pivotal.io/security/cve-2019-3773
-
CVE-2019-3772
https://pivotal.io/security/cve-2019-3772
-
- 3.2.2.2.XSS
-
CVE-2013-6430
https://pivotal.io/security/cve-2013-6430
-
CVE-2014-1904
https://pivotal.io/security/cve-2014-1904
-
CVE-2018-1229
https://pivotal.io/security/cve-2018-1229
-
- 3.2.2.3.RCE
-
CVE-2016-2173
https://pivotal.io/security/cve-2016-2173
-
CVE-2016-4977
https://pivotal.io/security/cve-2016-4977
-
CVE-2017-8045
https://pivotal.io/security/cve-2017-8045
-
CVE-2018-1270
https://pivotal.io/security/cve-2018-1270
-
CVE-2018-1260
https://pivotal.io/security/cve-2018-1260
3.3.Play framework
-
3.3.1.Link to all vulnerabilities
https://www.playframework.com/security/vulnerability
- 3.3.2.High-risk vulnerabilities
-
Logback deserialization vulnerability
https://www.playframework.com/security/vulnerability/20170407-LogbackDeser
-
CVE-2014-3630
https://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity
3.4.Dubbo
-
3.4.1.Deserialization command execution vulnerability
https://shuimugan.com/bug/view?bug_no=188237
- 3.4.2.Unauthorized access
4.Security frameworks
4.1.OWASP ESAPI
-
4.1.1.Injection
Validator, Encoder
-
4.1.2.XSS
Encoder
-
4.1.3.Broken authentication and session management
HTTPUtilities(Safe Upload)
-
4.1.4.Insecure direct object references
AccessReferenceMap, AccessController
-
4.1.5.Cross-site request forgery (CSRF)
CSRF Token
-
4.1.6.Security misconfiguration
EnterpriseSecurityException, HTTPUtils
-
4.1.7.Insecure cryptographic storage
Authenticator, User, HTTPUtils
-
4.1.8.Failure to restrict URL access
Encryptor
-
4.1.9.Insufficient transport layer protection
HTTPUtils (Secure Cookie, Channel)
-
4.1.10.Unvalidated redirects and forwards
AccessController
4.2.Spring Security
- 4.2.1.Key components
- SecurityContextHolder
- SecurityContext
- AuthenticationManager
- ProviderManager
- AuthenticationProvider
- Authentication
- GrantedAuthority
- UserDetails
- UserDetailsService
- 4.2.2.Key filters
- WebAsyncManagerIntegrationFilter
- SecurityContextPersistenceFilter
- HeaderWriterFilter
- CorsFilter
- LogoutFilter
- RequestCacheAwareFilter
- SecurityContextHolderAwareRequestFilter
- AnonymousAuthenticationFilter
- SessionManagementFilter
- ExceptionTranslationFilter
- FilterSecurityInterceptor
- UsernamePasswordAuthenticationFilter
- BasicAuthenticationFilter