web middleware Common Vulnerabilities

Others 2019-08-24 03:14:49 views: null

A, IIS vulnerabilities Middleware

  1> malformed file parsing vulnerability

    iis 6.0 File Type: 1234.asp; .jpg 123.aspx; .jpg 123.php; .jpg

    Repair method: delete the binding resolve suffix

    iis 7.5 File Type: 123.jpg / .php

    Restorative: Configuration cgi.fix_pathinfo (php.ini) is 0 and restart the program php-cgi

  2> iis short file name guess vulnerability, information disclosure documents

    You can see the file of the first six characters, violence guess solution behind file character

    Repair: Off CMD command from NTFS 8.3 file format support Windows server 2003: (1 representative Close, 0 open)

    Close function change: fsutil behavior set disable8dot3 1

  3> put file write

    /123.asp

    Repair: Off WebDAV and write permissions

Two, Apache middleware vulnerabilities

  > Malformed file parsing vulnerability number Vulnerability CVE-2017-15715

    File format 1234.php.23testafuck

    AddHandler caused Parsing Vulnerability

    Repair mode: AddHandler application / x-httpd-php .php .xxxxx

Three, Nginx middleware vulnerabilities

  > File Parsing Vulnerability

    File Format 123.jpg / .php

    Restorative: Configuration cgi.fix_pathinfo (php.ini) is 0 and restart the program php-cgi

  > Filename logical number CVE-2013-4547 vulnerability Vulnerability

    Upload 123.jpg spaces modified to access 123.jpg ... php, jpg changed to 20.00 in the back of the card will be elective Hex two points 2e

    Repair method: upgrade Nginx

  > Arbitrary null byte code execution vulnerability

    Access info.jpg, and modified to capture info.jpg..php, in jpg behind Hex elective in the cards., Changed to 00.

    Repair method: upgrade Nginx

Four, Tomcat middleware vulnerabilities Default Port: 8080

  > File Upload

    After the configuration file to open the put method can upload files to achieve remote code execution

    Repair: Off put method

Five, Jboss middleware vulnerabilities

  > Deserialization vulnerability

    Filter malicious code is not strictly caused by construction

    Repair mode: update, delete http-invoker.sar components

    Background The default password admin admin

Six, weblogic middleware middleware port vulnerabilities: 7001

  > Deserialization vulnerability

  > Arbitrary File Upload Vulnerability

 

Guess you like

Origin www.cnblogs.com/Scholar-liu/p/11402881.html
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com