This article was last updated on 2019-05-06. Suggestions and questions are welcome in the discussion at the bottom.

The content comes from a mind map collected some time ago; the author is unknown.

1.JDK vulnerabilities

  • 1.1.CVE-2012-4681

https://www.freebuf.com/vuls/5485.html
msf: exploit/multi/browser/java_jre17_jaxws

  • 1.2.CVE-2012-0507

https://blog.csdn.net/wcf1987/article/details/84368813
msf: exploit/multi/browser/java_atomicreferencearray

  • 1.3.CVE-2012-1723

https://www.securityfocus.com/bid/53960
msf: exploit/multi/browser/java_verifier_field_access

  • 1.4.CVE-2013-0422

https://blog.csdn.net/wcf1987/article/details/84380363
msf: exploit/multi/browser/java_jre17_jmxbean

2.Middleware vulnerabilities

2.1.Tomcat

  • 2.1.1.CVE-2017-12617

https://www.freebuf.com/vuls/150203.html

  • 2.1.2.CVE-2018-11784

http://zhutougg.com/2018/10/08/cve-2018-11784-tomcat-urltiao-zhuan-lou-dong/

2.2.JBoss

  • 2.2.1.CVE-2010-1871

msf: exploit/multi/http/jboss_seam_upload_exec

  • 2.2.2.CVE-2010-0738

msf: auxiliary/scanner/http/jboss_vulnscan

  • 2.2.3.CVE-2013-6469
  • 2.2.4.CVE-2017-7504

http://gv7.me/articles/2018/CVE-2017-7504/

  • 2.2.5.CVE-2017-12149

https://www.cnblogs.com/Oran9e/p/7897102.html
msf: auxiliary/scanner/http/jboss_vulnscan

  • 2.2.6.Deserialization

https://www.seebug.org/vuldb/ssvid-89723

  • 2.2.7.WebConsole/Invoker code execution vulnerability
  • 2.2.8.JMXInvoker code execution vulnerability

2.3.Jetty

  • 2.3.1.CVE-2005-3747

URL-encoded backslash source code disclosure vulnerability
https://www.rapid7.com/db/vulnerabilities/http-jetty-jsp-source-disclosure

2.4.Jenkins

  • 2.4.1.CVE-2018-1999002 arbitrary file read vulnerability

https://paper.seebug.org/648/

  • 2.4.2.CVE-2018-1000861

https://xz.aliyun.com/t/3912

  • 2.4.3.CVE-2017-1000353 deserialization command execution

https://xz.aliyun.com/t/179

  • 2.4.4.CVE-2017-1000353

https://ssd-disclosure.com/index.php/archives/3171

3.Development framework and component vulnerabilities

3.1.Struts framework

  • 3.1.1.Link to all Struts2 vulnerabilities

https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

  • 3.1.2.Command execution vulnerabilities

    • S2-003/S2-005

https://xz.aliyun.com/t/2323

    • S2-009

https://www.kingkk.com/2018/09/Struts2-%E5%91%BD%E4%BB%A4-%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E7%B3%BB%E5%88%97-S2-008-S2-009/

    • S2-012

https://hub.docker.com/r/vulhub/s2-012/

    • S2-013/S2-014

https://xz.aliyun.com/t/2694

    • S2-015

https://github.com/vulhub/vulhub/tree/master/struts2/s2-015

    • S2-016

https://blog.csdn.net/u011721501/article/details/41735885

    • S2-029

https://www.iswin.org/2016/03/20/Struts2-S2-029%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/

    • S2-032

http://avfisher.win/archives/tag/s2-032

    • S2-033

https://blog.csdn.net/qq_29277155/article/details/51672877

    • S2-036
    • S2-037

http://blog.nsfocus.net/struts2-s2-037-vulnerability-analysis/

    • S2-045

https://paper.seebug.org/247/

    • S2-052

https://paper.seebug.org/383/

    • S2-053

https://www.freebuf.com/vuls/147735.html

    • S2-057

http://blog.nsfocus.net/s2-075-protection-plan/

3.2.Spring framework

  • 3.2.1.Link to all Spring vulnerabilities

https://pivotal.io/security

  • 3.2.2.High-risk vulnerabilities
    • 3.2.2.1.XXE
    • CVE-2013-4152
      https://pivotal.io/security/cve-2013-4152
    • CVE-2013-7315
      https://pivotal.io/security/cve-2013-7315
    • CVE-2013-6429
      https://pivotal.io/security/cve-2013-6429
    • CVE-2014-0054
      https://pivotal.io/security/cve-2014-0054
    • CVE-2017-8040
      https://pivotal.io/security/cve-2017-8040
    • CVE-2018-1259
      https://pivotal.io/security/cve-2018-1259
    • CVE-2019-3774
      https://pivotal.io/security/cve-2019-3774
    • CVE-2019-3773
      https://pivotal.io/security/cve-2019-3773
    • CVE-2019-3772
      https://pivotal.io/security/cve-2019-3772
    • 3.2.2.2.XSS
    • CVE-2013-6430
      https://pivotal.io/security/cve-2013-6430
    • CVE-2014-1904
      https://pivotal.io/security/cve-2014-1904
    • CVE-2018-1229
      https://pivotal.io/security/cve-2018-1229
    • 3.2.2.3.RCE
    • CVE-2016-2173
      https://pivotal.io/security/cve-2016-2173
    • CVE-2016-4977
      https://pivotal.io/security/cve-2016-4977
    • CVE-2017-8045
      https://pivotal.io/security/cve-2017-8045
    • CVE-2018-1270
      https://pivotal.io/security/cve-2018-1270
    • CVE-2018-1260
      https://pivotal.io/security/cve-2018-1260

3.3.Play framework

  • 3.3.1.Link to all vulnerabilities

https://www.playframework.com/security/vulnerability

  • 3.3.2.High-risk vulnerabilities

    • Logback deserialization vulnerability
      https://www.playframework.com/security/vulnerability/20170407-LogbackDeser
    • CVE-2014-3630
      https://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity

3.4.Dubbo

  • 3.4.1.Deserialization command execution vulnerability

https://shuimugan.com/bug/view?bug_no=188237

  • 3.4.2.Unauthorized access

4.Security frameworks

4.1.OWASP ESAPI

  • 4.1.1.Injection

Validator, Encoder

  • 4.1.2.XSS

Encoder

  • 4.1.3.Broken authentication and session management

HTTPUtilities(Safe Upload)

  • 4.1.4.Insecure direct object references

AccessReferenceMap, AccessController

  • 4.1.5.Cross-site request forgery (CSRF)

CSRF Token

  • 4.1.6.Security misconfiguration

EnterpriseSecurityException, HTTPUtils

  • 4.1.7.Insecure cryptographic storage

Authenticator, User, HTTPUtils

  • 4.1.8.Failure to restrict URL access

Encryptor

  • 4.1.9.Insufficient transport layer protection

HTTPUtils(Secure Cookie, Channel)

  • 4.1.10.Unvalidated redirects and forwards

AccessController

4.2.Spring Security

  • 4.2.1.Important components

    • SecurityContextHolder
    • SecurityContext
    • AuthenticationManager
    • ProviderManager
    • AuthenticationProvider
    • Authentication
    • GrantedAuthority
    • UserDetails
    • UserDetailsService
  • 4.2.2.Important filters

    • WebAsyncManagerIntegrationFilter
    • SecurityContextPersistenceFilter
    • HeaderWriterFilter
    • CorsFilter
    • LogoutFilter
    • RequestCacheAwareFilter
    • SecurityContextHolderAwareRequestFilter
    • AnonymousAuthenticationFilter
    • SessionManagementFilter
    • ExceptionTranslationFilter
    • FilterSecurityInterceptor
    • UsernamePasswordAuthenticationFilter
    • BasicAuthenticationFilter

4.3.Shiro
