Web Security: Middleware Vulnerabilities

Middleware generally refers to web server software such as IIS, Apache, Nginx, Tomcat, and WebLogic. A vulnerability in middleware directly threatens the security of the web server's code and its back-end database.

The middleware vulnerabilities seen in the past are mostly file parsing vulnerabilities, such as those in IIS, Apache, and Nginx. When we say that an operating system kernel has a vulnerability, we mean that there is a security flaw in the kernel code; we call this a kernel vulnerability, MS08-067 being an example. Middleware runs directly on top of the operating system and is system software second only to the operating system itself. A vulnerability in it is a middleware vulnerability.

For example, the IIS Unicode encoding vulnerability and the Apache file parsing vulnerability are both middleware vulnerabilities, and fixing them requires the cooperation of the middleware developers. Middleware vulnerabilities are a very serious class of vulnerability. Above kernel vulnerabilities and middleware vulnerabilities sits a third layer, web application vulnerabilities. If any one of these three layers is insecure, overall security cannot be guaranteed, and attackers may move through the system unopposed.

Consider a site with a middleware (deserialization) vulnerability. The commonscollections.jar package in the WebLogic middleware has a deserialization vulnerability, and every project that references the jar package is affected. An attacker can use this vulnerability to upload files and execute commands, for example uploading 1.jsp to the server with IP address 172.19.11.112, as shown in Figure 1.

![Figure 1](https://img-blog.csdnimg.cn/8259fa218fdd46299691eddfeeae3005.png)
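
Because every project that references the jar is affected, remediation starts with finding every copy. The Python below is an added example, not code from the original post: it reports each jar, WAR or EAR (including nested ones) that bundles Apache Commons Collections, identified by a class file rather than by the jar's name. The function names, sample archive names, and the depth and size limits are assumptions.

```python
import io
import zipfile

# Class files that identify Apache Commons Collections 3.x/4.x in any packaging.
MARKERS = (
    "org/apache/commons/collections/functors/InvokerTransformer.class",
    "org/apache/commons/collections4/functors/InvokerTransformer.class",
)
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_NESTED = 200 * 1024 * 1024  # assumed cap: skip larger nested entries


def find_in_archive(data, label, depth=4):
    """Return the nesting path of each archive in `data` that bundles the library."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive
    hits = []
    with zf:
        if set(zf.namelist()).intersection(MARKERS):
            hits.append(label)
        for info in zf.infolist():
            nested = info.filename.lower().endswith(ARCHIVE_EXT)
            if nested and depth > 0 and info.file_size <= MAX_NESTED:
                inner = f"{label}!/{info.filename}"
                hits += find_in_archive(zf.read(info), inner, depth - 1)
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: an EAR whose WAR bundles the library twice, one copy renamed.
LIB = make_zip({MARKERS[0]: b"\xca\xfe\xba\xbe"})
WAR = make_zip({
    "WEB-INF/lib/commonscollections.jar": LIB,
    "WEB-INF/lib/helpers.jar": LIB,
    "WEB-INF/lib/other.jar": make_zip({"demo/Other.class": b""}),
})
SAMPLE_EAR = make_zip({"shop.war": WAR})
if __name__ == "__main__":
    print("\n".join(find_in_archive(SAMPLE_EAR, "app.ear")))
```

To scan a real deployment, read each .jar, .war or .ear file in binary mode and pass its bytes with the file path as `label`. A hit shows where the library is bundled, not whether that copy has been patched.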

Origin blog.csdn.net/Arvin_FH/article/details/132186503