Goby/json/Adobe-ColdFusion-Java-Deser...


{
"Name": "Adobe ColdFusion Java Deserialization RCE (CVE-2017-3066)",
"Description": "<p>Adobe ColdFusion is a dynamic web server product of Adobe.</p><p>There is a java deserialization vulnerability in Adobe ColdFusion. An attacker can use this vulnerability to execute arbitrary code in the context of the affected application, resulting in the takeover of server permissions.</p>",
"Product": "Adobe-ColdFusion",
"Homepage": "https://www.adobe.com/",
"DisclosureDate": "2017-11-01",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"Adobe-ColdFusion\"",
"GobyQuery": "app=\"Adobe-ColdFusion\"",
"Level": "3",
"Impact": "<p>There is a java deserialization vulnerability in Adobe ColdFusion. An attacker can use this vulnerability to execute arbitrary code in the context of the affected application, resulting in the takeover of server permissions.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html\">https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Adobe ColdFusion 服务器产品存在 JAVA 反序列化漏洞CVE-2017-3066",
"VulType": ["代码执行"],
"Tags": ["代码执行"],
"Description": "<p>Adobe ColdFusion是美国奥多比Adobe公司的一款动态Web服务器产品。</p><p>Adobe ColdFusion中存在java反序列化漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码导致接管服务器权限。</p>",
"Impact": "<p>Adobe ColdFusion中存在java反序列化漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码导致接管服务器权限。</p>",
"Product": "Adobe-ColdFusion",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html\">https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Adobe ColdFusion Java Deserialization RCE (CVE-2017-3066)",
"VulType": ["rce"],
"Tags": ["rce"],
"Description": "<p>Adobe ColdFusion is a dynamic web server product of Adobe.</p><p>There is a java deserialization vulnerability in Adobe ColdFusion. An attacker can use this vulnerability to execute arbitrary code in the context of the affected application, resulting in the takeover of server permissions.</p>",
"Impact": "<p>There is a java deserialization vulnerability in Adobe ColdFusion. An attacker can use this vulnerability to execute arbitrary code in the context of the affected application, resulting in the takeover of server permissions.</p>",
"Product": "Adobe-ColdFusion",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html\">https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2017-3066"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": ["Adobe-ColdFusion"],
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-201704-1418"
],
"CNVD": [
""
]
}