Goby/json/Websphere-Portal-SSRF.json

{
"Name": "Websphere Portal SSRF",
"Description": "<p>IBM WebSphere Portal consists of middleware, applications (called portlets), and development tools used to build and manage secure business-to-business (B2B), business-to-customer (B2C), and business-to-employee (B2E) portals.</p><p>IBM WebSphere Portal has server-side request forgery vulnerabilities, and attackers can use vulnerabilities to detect intranet to obtain sensitive information.</p>",
"Product": "Websphere Portal",
"Homepage": "https://www.ibm.com/",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"/wps/contenthandler\" || body=\"Websphere Portal\" || body=\"/wps/portal/calligaris\"",
"GobyQuery": "body=\"/wps/contenthandler\" || body=\"Websphere Portal\" || body=\"/wps/portal/calligaris\"",
"Level": "1",
"Impact": "<p>IBM WebSphere Portal has server-side request forgery vulnerabilities, and attackers can use vulnerabilities to detect intranet to obtain sensitive information.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.ibm.com/\">https://www.ibm.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Websphere Portal SSRF",
"VulType": ["SSRF漏洞"],
"Tags": ["SSRF漏洞"],
"Description": "<p>IBM WebSphere Portal 由用于构建和管理安全的企业对企业B2B、企业对客户B2C和企业对雇员B2E门户网站的中间件、应用程序称为 portlet和开发工具组成。</p><p>IBM WebSphere Portal 存在服务端请求伪造漏洞,攻击者可利用漏洞探测内网获取敏感信息。</p>",
"Impact": "<p>IBM WebSphere Portal 存在服务端请求伪造漏洞,攻击者可利用漏洞探测内网获取敏感信息。</p>",
"Product": "Websphere Portal",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.ibm.com/\">https://www.ibm.com/</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Websphere Portal SSRF",
"VulType": ["ssrf"],
"Tags": ["ssrf"],
"Description": "<p>IBM WebSphere Portal consists of middleware, applications (called portlets), and development tools used to build and manage secure business-to-business (B2B), business-to-customer (B2C), and business-to-employee (B2E) portals.</p><p>IBM WebSphere Portal has server-side request forgery vulnerabilities, and attackers can use vulnerabilities to detect intranet to obtain sensitive information.</p>",
"Impact": "<p>IBM WebSphere Portal has server-side request forgery vulnerabilities, and attackers can use vulnerabilities to detect intranet to obtain sensitive information.</p>",
"Product": "Websphere Portal",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.ibm.com/\">https://www.ibm.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://blog.assetnote.io/2021/12/25/advisory-websphere-portal/"
],
"HasExp": true,
"ExpParams": [
{
"name": "dnslog",
"type": "input",
"value": "xxx.dnslog.cn"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"ssrf"
],
"VulType": [
"ssrf"
],
"CVEIDs": [
""
],
"CVSSScore": "6.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}