{
"Name": "Symantec Advanced Threat Protection log4j2 Remote command execution vulnerability (CVE-2021-44228)",
"Description": "<p>Symantec Advanced Threat Protection is an advanced threat protection product from Symantec.</p><p>Symantec Advanced Threat Protection has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands on the server side, write a backdoor, obtain server permissions, and then take control of the entire web server.</p>",
"Product": "Symantec Advanced Threat Protection",
"Homepage": "https://www.broadcom.com/products/cyber-security/network/atp",
"DisclosureDate": "2021-12-23",
"Author": "fmbd",
"FofaQuery": "title=\"Symantec\" && title=\"Advanced\"",
"GobyQuery": "title=\"Symantec\" && title=\"Advanced\"",
"Level": "3",
"Impact": "<p>Symantec Advanced Threat Protection has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands on the server side, write a backdoor, obtain server permissions, and then take control of the entire web server.</p>",
"Recommendation": "<p>The vendor has released a fix; please upgrade to the new version: <a href=\"https://github.com/apache/logging-log4j2/tags/\" target=\"_blank\">https://github.com/apache/logging-log4j2/tags/</a></p><p>1. Deploy a web application firewall to monitor database operations.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "赛门铁克 Advanced Threat Protection log4j2 命令执行漏洞(CVE-2021-44228)",
"Product": "Symantec Advanced Threat Protection",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>Symantec Advanced Threat Protection 是 赛门铁克(Symantec)公司的一款高级威胁防护产品。</p><p>赛门铁克 Advanced Threat Protection 存在 log4j2 命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。</p>",
"Impact": "<p>赛门铁克 Advanced Threat Protection 存在 log4j2 命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。<br></p>",
"Recommendation": "<p>厂商已发布了漏洞方案,请及时关注: <a href=\"https://github.com/apache/logging-log4j2/tags\">https://github.com/apache/logging-log4j2/tags</a></p><p></p><p>1、通过防火墙等安全设备设置访问策略,设置白名单访问。</p><p>2、如非必要,禁止公网访问该系统。</p>"
}
},
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228",
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
],
"Is0day": false,
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-44228"
],
"CNNVD": [
"CNNVD-202112-799"
],
"CNVD": [
"CNVD-2021-95914"
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}