zoukankan      html  css  js  c++  java
  • 应用安全

    CVE-2019-11580

    Date
    2019
    
    类型
    RCE
    
    影响范围
    Atlassian Crowd 3.4.3
    Atlassian Crowd 3.4
    Atlassian Crowd 3.3.4
    Atlassian Crowd 3.3.3
    Atlassian Crowd 3.3.1
    Atlassian Crowd 3.3
    Atlassian Crowd 3.2.1 - 3.2.7
    Atlassian Crowd 3.2
    Atlassian Crowd 3.1.5
    Atlassian Crowd 3.1
    Atlassian Crowd 3.0.4
    Atlassian Crowd 2.11.1
    Atlassian Crowd 2.11
    Atlassian Crowd 2.10.3
    Atlassian Crowd 2.10.1
    Atlassian Crowd 2.9.7
    Atlassian Crowd 2.9.1 - 2.9.5
    Atlassian Crowd 2.9
    Atlassian Crowd 2.8.8
    Atlassian Crowd 2.8.3
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.0 - 2.6.3
    Atlassian Crowd 2.5.3 - 2.5.4
    Atlassian Crowd 2.5.0 - 2.5.2
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.4
    Atlassian Crowd 2.3.6 - 2.3.8
    Atlassian Crowd 2.3.1 - 2.3.4
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.1 - 2.1.2
    Atlassian Crowd 2.1

    前置条件
    /crowd/admin/uploadplugin.action ---》返回400

    CVE-2018-20238

    Date
    2018
    
    类型
    身份验证绕过
    
    影响范围
    Atlassian Crowd 3.2.7之前版本和3.3.0版本至3.3.4之前版本中存在安全漏洞

    CVE-2017-18107

    Date
    2017
    
    漏洞类型
    XSS - 高危
    
    影响范围
    < Atlassian Crowd 3.1.1

    CVE-2017-18110

    Date
    2017
    
    类型
    XXE
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

    CVE-2017-18108

    Date
    2017
    
    漏洞类型
    代码注入
    
    影响范围
    <Atlassian Crowd 2.10.2之前版本

    CVE-2017-18106

    Date
    2017
    
    类型
    会话劫持
    
    影响范围
    <Atlassian Crowd 2.9.1

    CVE-2017-18105

    Date
    2017
    
    类型
    会话固定
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

    CVE-2017-18109

    Date
    2017
    
    类型
    输入验证错误漏洞
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中

    CVE-2017-16858

    Date
    2017
    
    类型
    crowd-application插件模块用户伪造漏洞
    
    影响范围
    Atlassian Crowd 1.5.0版本至3.1.2版本(不包括3.1.2版本)

    CVE-2016-10740

    Date
    2016
    
    类型
    远程目录密码漏洞
    
    影响范围
    Atlassian Crowd 2.10.1之前版本中存在安全漏洞

    CVE-2016-6496

    Date
    2016
    
    类型
    LADP注入导致RCE
    
    影响范围
    Atlassian Crowd 2.6.3
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
    Atlassian Crowd 1.5.3
    Atlassian Crowd 1.5.2
    Atlassian Crowd 1.5.1
    Atlassian Crowd 1.4.8
    Atlassian Crowd 1.4.7
    Atlassian Crowd 1.4.4
    Atlassian Crowd 1.4.3
    Atlassian Crowd 1.4.2
    Atlassian Crowd 1.4
    Atlassian Crowd 2.9.4
    Atlassian Crowd 2.9.3
    Atlassian Crowd 2.9.2
    Atlassian Crowd 2.9.1
    Atlassian Crowd 2.9
    Atlassian Crowd 2.6.2
    Atlassian Crowd 2.5.4
    Atlassian Crowd 2.5.3
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.1
    Atlassian Crowd 2.6.0
    Atlassian Crowd 2.5.2
    Atlassian Crowd 2.5.1
    Atlassian Crowd 2.5.0
    Atlassian Crowd 2.4.2
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.3.7
    Atlassian Crowd 2.3.6
    Atlassian Crowd 2.3.4
    Atlassian Crowd 2.3.3
    Atlassian Crowd 2.3.2
    Atlassian Crowd 2.3.1
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.2
    Atlassian Crowd 2.1.1
    Atlassian Crowd 2.0.9
    Atlassian Crowd 2.0.7
    Atlassian Crowd 2.0.6
    Atlassian Crowd 2.0.5
    Atlassian Crowd 2.0.4
    Atlassian Crowd 2.0.3
    Atlassian Crowd 2.0.2
    Atlassian Crowd 2.0.1
    Atlassian Crowd 1.6.3
    Atlassian Crowd 1.6.1
    Atlassian Crowd 1.6

    CVE-2013-3926

    Date
    2013
    
    类型
    Atlassian Crowd软件存在后门,允许任何人远程控制Crowd服务器,并损坏系统应用和数据
    
    影响范围
    <Atlassian Crowd 2.6.3

    CVE-2013-3925

    Date
    2013
    
    类型
    XML外部实体引用任意文件读取漏洞
    
    影响范围
    Atlassian Crowd 2.5.x
    Atlassian Crowd 2.6.x
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
  • 相关阅读:
    .NET Core 下使用 Exceptionless 记录日志
    .NET Core 下使用 Kafka
    .NET Core 下使用 RabbitMQ
    .NET Core 下使用 ElasticSearch
    .NET Core 下使用 gRPC
    【手摸手,带你搭建前后端分离商城系统】02 VUE-CLI 脚手架生成基本项目,axios配置请求、解决跨域问题
    【手摸手,带你搭建前后端分离商城系统】01 搭建基本代码框架、生成一个基本API
    【开源】Springboot API 一键生成器
    力扣1. 两数之和
    常用代码优化手段
  • 原文地址:https://www.cnblogs.com/AtesetEnginner/p/12297208.html
Copyright © 2011-2022 走看看