A summary of commonly seen vulnerabilities in Java, worth bookmarking.
Get ready, let's go to class~~~
Class is in~ Class is in~
Servlet
Introduction
Servlet (Server Applet) is the abbreviation of Java Servlet, called servlet or service connector. It is a server-side program written in Java. Its main function is to interactively browse and modify data and generate dynamic Web content.
Servlet in the narrow sense refers to an interface implemented by the Java language, and Servlet in the broad sense refers to any class that implements the Servlet interface. In general, people understand Servlet as the latter. Servlets run on application servers that support Java. In principle, servlets can respond to any type of request, but in most cases, servlets are only used to extend web servers based on the HTTP protocol.
The life cycle is:
- The client requests the servlet
- The servlet class is loaded into memory
- The servlet is instantiated and init() is called to initialize it
- service() (which calls doGet() / doPost() / ... according to the request method)
- destroy()
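Interface
init()
During the lifetime of a servlet, the init() method is executed only once, when the server loads the servlet.
service()
The service() method is the core of a servlet. Whenever a client requests an HttpServlet object, that object's service() method is called, and it is passed a "request" (ServletRequest) object and a "response" (ServletResponse) object as parameters.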
Struts 2
Introduction
Struts2 is a Web application framework based on the MVC design pattern, which is essentially equivalent to a servlet. In the MVC design pattern, Struts2 acts as a controller (Controller) to establish the data interaction between the model and the view.
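Request flow
- The client sends a request to the Tomcat server
- The request passes through a series of filters
- FilterDispatcher calls ActionMapper to decide whether the request should invoke an Action
- Once ActionMapper decides that an Action is to be invoked, FilterDispatcher passes the request to ActionProxy
- ActionProxy consults struts.xml through the Configuration Manager and finds the corresponding Action class
- ActionProxy creates an ActionInvocation object
- The ActionInvocation object calls back the Action's execute method
- After the Action finishes executing, ActionInvocation finds the corresponding result based on the returned string and returns it to the server through HttpServletResponse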
Related CVEs
- CVE-2016-3081 (S2-032)
- CVE-2016-3687 (S2-033)
- CVE-2016-4438 (S2-037)
- CVE-2017-5638
- CVE-2017-7672
- CVE-2017-9787
- CVE-2017-9793
- CVE-2017-9804
- CVE-2017-9805
- CVE-2017-12611
- CVE-2017-15707
- CVE-2018-1327
- CVE-2018-11776
Spring
Introduction
Spring generally refers to the Spring Framework, a lightweight open-source Java application framework that makes development easier.
Spring MVC
Spring MVC is an MVC framework designed according to the Spring pattern, which is mainly used to develop Web applications and simplify development.
Spring Boot
Spring was relatively cumbersome when it was first released, so Spring Boot was provided as an automated configuration tool to reduce the complexity of setting up a project.
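Request flow
- The user sends a request to the server
- The server receives the request and handles it with DispatcherServlet
- DispatcherServlet uses HandlerMapping to check whether the URL has a corresponding Controller and, if so, executes it
- If the Controller returns a string, ViewResolver converts the string into the corresponding view object
- DispatcherServlet outputs the data in the view object to the server
- The server outputs the data to the client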
Overview of CVEs
- CVE-2018-1270
  - Spring Websocket Remote Code Execution Vulnerability
  - Spring Framework 5.0 - 5.0.5
  - Spring Framework 4.3 - 4.3.15
- CVE-2018-1273
  - Spring Data Remote Code Execution Vulnerability
  - Spring Data Commons 1.13 - 1.13.10
  - Spring Data Commons 2.0 - 2.0.5
  - Spring Data REST 2.6 - 2.6.10
  - Spring Data REST 3.0 - 3.0.5
- CVE-2017-8046
  - Spring Data REST Remote Code Execution Vulnerability
- CVE-2017-4971
  - Spring Web Flow Remote Code Execution Vulnerability
Shiro
Introduction
Apache Shiro is a powerful and easy-to-use Java security framework with features including authentication, authorization, encryption and session management.
Overview of CVEs
- CVE-2020-13933 Apache Shiro < 1.6.0 authentication bypass vulnerability
- CVE-2020-11989 SHIRO-782 Apache Shiro < 1.5.3 authentication bypass vulnerability
- CVE-2020-1957 SHIRO-682 Apache Shiro < 1.5.2 authentication bypass vulnerability
- CVE-2019-12422 SHIRO-721 Apache Shiro < 1.4.2 Padding Oracle Attack remote code execution vulnerability
- CVE-2016-4437 SHIRO-550 Apache Shiro <= 1.2.4 deserialization remote code execution vulnerability
- CVE-2014-0074 SHIRO-460 Apache Shiro < 1.2.3 authentication bypass vulnerability
CVE-2020-13933
In versions prior to Apache Shiro 1.6.0, the way the Shiro interceptor matches the requestURI differs from the way the web framework's interceptor matches it, so an attacker can construct a special HTTP request that bypasses Shiro's authentication and gains unauthorized access to sensitive paths.
CVE-2020-11989
In versions prior to Apache Shiro 1.5.3, the way the Shiro interceptor matches the requestURI differs from the way the web framework's interceptor matches it, so an attacker can construct a special HTTP request that bypasses Shiro's authentication and gains unauthorized access to sensitive paths. There are two attack methods for this vulnerability.
CVE-2020-1957
In versions prior to Apache Shiro 1.5.2, the way the Shiro interceptor matches the requestURI differs from the way the web framework's interceptor matches it, so an attacker can construct a special HTTP request that bypasses Shiro's authentication and gains unauthorized access to sensitive paths.
CVE-2019-12422
Apache Shiro versions prior to 1.4.2 use AES/CBC/PKCS5Padding mode. A Shiro component with the RememberMe function enabled allows a remote attacker, even without knowing the secret key, to construct serialized data by brute-forcing through a Padding Oracle Attack and to execute arbitrary commands on the target.
CVE-2016-4437
Before Apache Shiro 1.2.5, org.apache.shiro.mgt.AbstractRememberMeManager contains a default AES key, kPH+bIxk5D2deZiIxcaaaA==. A Shiro component with the RememberMe function enabled allows remote attackers to construct serialized data and execute arbitrary commands on the target server.
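As an added example (not from the original article or the Shiro project), this Python script audits your own configuration and source text for the default key above, in Base64 or hex form, and for any other hardcoded rememberMe key. The regex patterns, severity labels and sample inputs are assumptions made for illustration.

```python
import base64
import re

# Default key quoted above (AbstractRememberMeManager, CVE-2016-4437).
SHIRO_DEFAULT_KEY = base64.b64decode("kPH+bIxk5D2deZiIxcaaaA==")

# Assumed places a key is set: shiro.ini (`cipherKey = <Base64 | 0xHEX>`)
# and Java config (`setCipherKey(Base64.decode("..."))`).
INI_KEY = re.compile(r"cipherKey\s*=\s*(\S+)")
JAVA_KEY = re.compile(r'setCipherKey\s*\(\s*[\w.]*decode\s*\(\s*"([^"]+)"')

def decode_key(literal):
    """Decode a 0x-prefixed hex or Base64 key literal; None if it is neither."""
    try:
        if literal.lower().startswith("0x"):
            return bytes.fromhex(literal[2:])
        return base64.b64decode(literal, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None

def audit(name, text):
    """Return (file, line, severity, message) for each active rememberMe key."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip().startswith(("#", ";", "//")):
            continue  # commented-out settings are not in effect
        m = INI_KEY.search(line) or JAVA_KEY.search(line)
        if not m:
            continue
        key = decode_key(m.group(1))
        if key == SHIRO_DEFAULT_KEY:
            findings.append((name, no, "critical", "Shiro default rememberMe key"))
        elif key is not None and len(key) in (16, 24, 32):
            findings.append((name, no, "high", "AES key hardcoded in config"))
    return findings

# Constructed sample inputs (not taken from a real project).
OTHER_KEY = base64.b64encode(bytes(range(16))).decode()
SAMPLE_INI = ("[main]\n"
              "# securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==\n"
              f"securityManager.rememberMeManager.cipherKey = 0x{SHIRO_DEFAULT_KEY.hex()}\n")
SAMPLE_JAVA = ('mgr.setCipherKey(Base64.decode("kPH+bIxk5D2deZiIxcaaaA=="));\n'
               f'mgr.setCipherKey(Base64.decode("{OTHER_KEY}"));\n')

if __name__ == "__main__":
    for f in audit("shiro.ini", SAMPLE_INI) + audit("ShiroConfig.java", SAMPLE_JAVA):
        print(*f)
```

A "high" finding matters as well as a "critical" one: any key committed to source or config is known to everyone who can read the repository.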
ok~~~ see you next time