Goby/json/Payara-Micro-Community-Info...


{
"Name": "Payara Micro Community Information Leakage (CVE-2021-41381)",
"Description": "<p>Payara Micro Community is the lightweight middleware platform of choice for containerized Jakarta EE application deployments.</p><p>Payara Micro Community 5.2021.6 and below allows Directory Traversal. Attackers can obtain sensitive information such as service configuration, leading to system takeover.</p>",
"Product": "Payara-Micro",
"Homepage": "https://www.payara.fish/",
"DisclosureDate": "2021-10-04",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"Payara-Micro\"||banner=\"Payara Micro\"",
"GobyQuery": "app=\"Payara-Micro\"||banner=\"Payara Micro\"",
"Level": "2",
"Impact": "<p>Payara Micro Community 5.2021.6 and below allows Directory Traversal. Attackers can obtain sensitive information such as service configuration, leading to system takeover.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.payara.fish\">https://www.payara.fish</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Payara Micro 社区版存在信息泄露漏洞CVE-2021-41381",
"VulType": ["信息泄露"],
"Tags": ["信息泄露"],
"Description": "<p>Payara Micro 社区版是容器化 Jakarta EE 应用程序部署的首选轻量级中间件平台。</p><p>Payara Micro Community 5.2021.6 及以下版本允许目录遍历。攻击者可以获得服务配置等敏感信息,导致接管系统。</p>",
"Impact": "<p>Payara Micro Community 5.2021.6 及以下版本允许目录遍历。攻击者可以获得服务配置等敏感信息,导致接管系统。</p>",
"Product": "Payara-Micro",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.payara.fish\">https://www.payara.fish</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Payara Micro Community Information Leakage (CVE-2021-41381)",
"VulType": ["infoleak"],
"Tags": ["infoleak"],
"Description": "<p>Payara Micro Community is the lightweight middleware platform of choice for containerized Jakarta EE application deployments.</p><p>Payara Micro Community 5.2021.6 and below allows Directory Traversal. Attackers can obtain sensitive information such as service configuration, leading to system takeover.</p>",
"Impact": "<p>Payara Micro Community 5.2021.6 and below allows Directory Traversal. Attackers can obtain sensitive information such as service configuration, leading to system takeover.</p>",
"Product": "Payara-Micro",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.payara.fish\">https://www.payara.fish</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.exploit-db.com/exploits/50371"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "/WEB-INF/classes/META-INF/microprofile-config.properties"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"infoleak"
],
"VulType": ["infoleak"],
"CVEIDs": ["CVE-2021-41381"],
"CVSSScore": "6.0",
"AttackSurfaces": {
"Application": ["Payara-Micro"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}