内容来自以前收集的思维导图,作者不明。
1.JDK漏洞
- 1.1.CVE-2012-4681
https://www.freebuf.com/vuls/5485.html
msf: exploit/multi/browser/java_jre17_jaxws - 1.2.CVE-2012-0507
https://blog.csdn.net/wcf1987/article/details/84368813
msf: exploit/multi/browser/java_atomicreferencearray - 1.3.CVE-2012-1723
https://www.securityfocus.com/bid/53960
msf: exploit/ulti/browser/java_verifier_field_access - 1.4.CVE-2013-0422
https://blog.csdn.net/wcf1987/article/details/84380363
msf: exploit/multi/browser/java_jre17_jmxbean
2.中间件漏洞
2.1.Tomcat
- 2.1.1.CVE-2017-12617
https://www.freebuf.com/vuls/150203.html - 2.1.2.CVE-2018-11784
http://zhutougg.com/2018/10/08/cve-2018-11784-tomcat-urltiao-zhuan-lou-dong/
2.2.JBoss
- 2.2.1.CVE-2010-1871
msf: exploit/multi/http/jboss_seam_upload_exec - 2.2.2.CVE-2010-0738
msf: auxiliary/scanner/http/jboss_vulnscan - 2.2.3.CVE-2013-6469
- 2.2.4.CVE-2017-7504
http://gv7.me/articles/2018/CVE-2017-7504/ - 2.2.5.CVE-2017-12149
https://www.cnblogs.com/Oran9e/p/7897102.html
msf: auxiliary/scanner/http/jboss_vulnscan - 2.2.6.反序列化
https://www.seebug.org/vuldb/ssvid-89723 - 2.2.7.WebConsole/Invoker 代码执行漏洞
- 2.2.8.JMXInvoker 代码执行漏洞
2.3.Jetty
- 2.3.1.CVE-2005-3747
URL编码的反斜线源代码暴露漏洞
https://www.rapid7.com/db/vulnerabilities/http-jetty-jsp-source-disclosure
2.4.Jenkins
- 2.4.1.CVE-2018-1999002 任意文件读取漏洞
https://paper.seebug.org/648/ - 2.4.2.CVE-2018-1000861
https://xz.aliyun.com/t/3912 - 2.4.3.CVE-2017-1000353 反序列化命令执行
https://xz.aliyun.com/t/179 - 2.4.4.CVE-2017-1000353
https://ssd-disclosure.com/index.php/archives/3171
3.开发框架及组件漏洞
3.1.Struts框架
- 3.1.1.Struts2所有漏洞链接
https://cwiki.apache.org/confluence/display/WW/Security+Bulletins - 3.1.2.命令执行漏洞
- S2-003/S2-005
https://xz.aliyun.com/t/2323 - S2-009
https://www.kingkk.com/2018/09/Struts2-命令-代码执行漏洞分析系列-S2-008-S2-009/ - S2-012
https://hub.docker.com/r/vulhub/s2-012/ - S2-013/S2-014
https://xz.aliyun.com/t/2694 - S2-015
https://github.com/vulhub/vulhub/tree/master/struts2/s2-015 - S2-016
https://blog.csdn.net/u011721501/article/details/41735885 - S2-029
https://www.iswin.org/2016/03/20/Struts2-S2-029漏洞分析/ - S2-032
http://avfisher.win/archives/tag/s2-032 - S2-033
https://blog.csdn.net/qq_29277155/article/details/51672877 - S2-036
- S2-037
http://blog.nsfocus.net/struts2-s2-037-vulnerability-analysis/ - S2-045
https://paper.seebug.org/247/ - S2-052
https://paper.seebug.org/383/ - S2-053
https://www.freebuf.com/vuls/147735.html - S2-057
http://blog.nsfocus.net/s2-075-protection-plan/
3.2.Spring框架
- 3.2.1.Spring所有漏洞链接
https://pivotal.io/security - 3.2.2.高危漏洞
-
- 3.2.2.1.XXE
- cve-2013-4152
https://pivotal.io/security/cve-2013-4152 - cve-2013-7315
https://pivotal.io/security/cve-2013-7315 - CVE-2013-6429
https://pivotal.io/security/cve-2013-6429 - CVE-2014-0054
https://pivotal.io/security/cve-2014-0054 - CVE-2017-8040
https://pivotal.io/security/cve-2017-8040 - CVE-2018-1259
https://pivotal.io/security/cve-2018-1259 - CVE-2019-3774
https://pivotal.io/security/cve-2019-3774 - CVE-2019-3773
https://pivotal.io/security/cve-2019-3773 - CVE-2019-3772
https://pivotal.io/security/cve-2019-3772 -
- 3.2.2.2.XSS
- CVE-2013-6430
https://pivotal.io/security/cve-2013-6430 - CVE-2014-1904
https://pivotal.io/security/cve-2014-1904 - CVE-2018-1229
https://pivotal.io/security/cve-2018-1229 -
- 3.2.2.3.RCE
- CVE-2016-2173
https://pivotal.io/security/cve-2016-2173 - CVE-2016-4977
https://pivotal.io/security/cve-2016-4977 - CVE-2017-8045
https://pivotal.io/security/cve-2017-8045 - CVE-2018-1270
https://pivotal.io/security/cve-2018-1270 - CVE-2018-1260
https://pivotal.io/security/cve-2018-1260
3.3.Play框架
- 3.3.1.所有漏洞链接
https://www.playframework.com/security/vulnerability - 3.3.2.高危漏洞
- Logback反序列化漏洞
https://www.playframework.com/security/vulnerability/20170407-LogbackDeser - CVE-2014-3630
https://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity
3.4.Dubbo
- 3.4.1.反序列化命令执行漏洞
https://shuimugan.com/bug/view?bug_no=188237 - 3.4.2.未授权访问
4.安全框架
4.1.OWASP ESAPI
- 4.1.1.注入
Validator,Encoder - 4.1.2.XSS
Encoder - 4.1.3.失效的身份认证和会话管理
HTTPUtilities(Safe Upload) - 4.1.4.不安全的直接对象引用
AccessReferenceMap,AccessController - 4.1.5.跨站请求伪造(CSRF)
CSRF Token - 4.1.6.安全配置错误
EnterpriseSecurityException,HTTPUtils - 4.1.7.不安全的加密存储
Authenticator,User,HTTPUtils - 4.1.8.没有限制的URL访问
Encryptor - 4.1.9.传输层保护不足
HTTPUtils(Secure Cookie,Channel) - 4.1.10.未验证的重定向和转发
AccessController
4.2.Spring Security
- 4.2.1.重要组件
- SecurityContextHolder
- SecurityContext
- AuthenticationManager
- ProviderManager
- AuthenticationProvider
- Authentication
- GrantedAuthority
- UserDetails
- UserDetailsService
- 4.2.2.重要过滤器
- WebAsyncManagerIntegrationFilter
- SecurityContextPersistenceFilter
- HeaderWriterFilter
- CorsFilter
- LogoutFilter
- RequestCacheAwareFilter
- SecurityContextHolderAwareRequestFilter
- AnonymousAuthenticationFilter
- SessionManagementFilter
- ExceptionTranslationFilter
- FilterSecurityInterceptor
- UsernamePasswordAuthenticationFilter
- BasicAuthenticationFilter