Goby/json/Microsoft-SharePoint-Server...

{
"Name": "Microsoft SharePoint Server CVE-2019-0604 Remote Code Execution Vulnerability",
"Description": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.",
"Product": "Microsoft-SharePoint",
"Homepage": "https://www.microsoft.com/",
"DisclosureDate": "2019-03-05",
"Author": "mahui@gobies.org",
"FofaQuery": "app=\"Microsoft-SharePoint\"",
"GobyQuery": "",
"Level": "3",
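"Impact": "<p>Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation of the United States. The platform is used to integrate business information and enables sharing work, collaborating with others, organizing projects and work groups, and searching for people and information.<p></p>A security vulnerability exists in Microsoft SharePoint that stems from the program's failure to check the source markup of an application package. An attacker can exploit this vulnerability to execute arbitrary code by means of a specially crafted SharePoint application package. The following versions are affected: Microsoft SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, SharePoint Server 2010 SP2, SharePoint Server 2019. </p>",
"Recommandation": "<p>1. The vendor has fixed this vulnerability; users should upgrade to the latest version: <a target=\"_Blank\" href=\"https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0604\">https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0604</a></p><p>2. Unless it is necessary, block public internet access to this system.</p><p>3. Use firewalls and other security devices to set access policies and restrict access to a whitelist.</p>",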
"References": [
"http://www.securityfocus.com/bid/106914",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604",
"https://nvd.nist.gov/vuln/detail/CVE-2019-0604",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0604"
],
"GifAddress": " https://raw.githubusercontent.com/gobysec/GobyVuls/master/SharePoint/CVE-2019-0604/CVE-2019-0604.gif",
"HasExp": true,
"ExpParams": [
{
"name": "Attacktype",
"type": "select",
"value": "shellurl",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": ["rce"],
"CVEIDs": [
"CVE-2019-0604"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": ["Microsoft-SharePoint"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}