qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Symantec-Advanced-Threat-Pr...

132 lines
4.6 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Symantec Advanced Threat Protection log4j2 Remote command execution vulnerability (CVE-2021-44228)",
"Description": "<p>Symantec Advanced Threat Protection is an advanced threat protection product from Symantec.</p><p>Symantec Advanced Threat Protection has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Product": "Symantec Advanced Threat Protection",
"Homepage": "https://www.broadcom.com/products/cyber-security/network/atp",
"DisclosureDate": "2021-12-23",
"Author": "fmbd",
"FofaQuery": "title=\"Symantec\" && title=\"Advanced\"",
"GobyQuery": "title=\"Symantec\" && title=\"Advanced\"",
"Level": "3",
"Impact": "<p>Symantec Advanced Threat Protection has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Recommendation": "<p>The supplier has released a solution, please upgrade to the new version:<a href=\"https://github.com/apache/logging-log4j2/tags/\" target=\"_blank\">https://github.com/apache/logging-log4j2/tags/</a></p><p>1. Deploy a web application firewall to monitor database operations.</p><p>2.If not necessary, prohibit public network access to the system.</p> ",
"Translation": {
"CN": {
"Name": "赛门铁克 Advanced Threat Protection log4j2 命令执行漏洞CVE-2021-44228",
"Product": "Symantec Advanced Threat Protection",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>Symantec Advanced Threat Protection 是 赛门铁克Symantec公司的一款高级威胁防护产品。</p><p>赛门铁克 Advanced Threat Protection 存在 log4j2 命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。</p>",
"Impact": "<p>赛门铁克 Advanced Threat Protection 存在 log4j2 命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。<br></p>",
"Recommendation": "<p>⼚商已发布了漏洞方案,请及时关注: <a href=\"https://github.com/apache/logging-log4j2/tags\">https://github.com/apache/logging-log4j2/tags</a></p><p></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
}
},
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228",
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
],
"Is0day": false,
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-44228"
],
"CNNVD": [
"CNNVD-202112-799"
],
"CNVD": [
"CNVD-2021-95914"
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink