zoukankan      html  css  js  c++  java
  • 应用安全

    CVE-2019-11580

    Date
    2019
    
    类型
    RCE
    
    影响范围
    Atlassian Crowd 3.4.3
    Atlassian Crowd 3.4
    Atlassian Crowd 3.3.4
    Atlassian Crowd 3.3.3
    Atlassian Crowd 3.3.1
    Atlassian Crowd 3.3
    Atlassian Crowd 3.2.1 - 3.2.7
    Atlassian Crowd 3.2
    Atlassian Crowd 3.1.5
    Atlassian Crowd 3.1
    Atlassian Crowd 3.0.4
    Atlassian Crowd 2.11.1
    Atlassian Crowd 2.11
    Atlassian Crowd 2.10.3
    Atlassian Crowd 2.10.1
    Atlassian Crowd 2.9.7
    Atlassian Crowd 2.9.1 - 2.9.5
    Atlassian Crowd 2.9
    Atlassian Crowd 2.8.8
    Atlassian Crowd 2.8.3
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.0 - 2.6.3
    Atlassian Crowd 2.5.3 - 2.5.4
    Atlassian Crowd 2.5.0 - 2.5.2
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.4
    Atlassian Crowd 2.3.6 - 2.3.8
    Atlassian Crowd 2.3.1 - 2.3.4
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.1 - 2.1.2
    Atlassian Crowd 2.1

    前置条件
    /crowd/admin/uploadplugin.action ---》返回400

    CVE-2018-20238

    Date
    2018
    
    类型
    身份验证绕过
    
    影响范围
    Atlassian Crowd 3.2.7之前版本和3.3.0版本至3.3.4之前版本中存在安全漏洞

    CVE-2017-18107

    Date
    2017
    
    漏洞类型
    XSS - 高危
    
    影响范围
    < Atlassian Crowd 3.1.1

    CVE-2017-18110

    Date
    2017
    
    类型
    XXE
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

    CVE-2017-18108

    Date
    2017
    
    漏洞类型
    代码注入
    
    影响范围
    <Atlassian Crowd 2.10.2之前版本

    CVE-2017-18106

    Date
    2017
    
    类型
    会话劫持
    
    影响范围
    <Atlassian Crowd 2.9.1

    CVE-2017-18105

    Date
    2017
    
    类型
    会话固定
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中存在安全漏洞

    CVE-2017-18109

    Date
    2017
    
    类型
    输入验证错误漏洞
    
    影响范围
    Atlassian Crowd 3.0.2之前版本和3.1.0版本中

    CVE-2017-16858

    Date
    2017
    
    类型
    crowd-application插件模块用户伪造漏洞
    
    影响范围
    Atlassian Crowd 1.5.0版本至3.1.2版本(不包括3.1.2版本)

    CVE-2016-10740

    Date
    2016
    
    类型
    远程目录密码漏洞
    
    影响范围
    Atlassian Crowd 2.10.1之前版本中存在安全漏洞

    CVE-2016-6496

    Date
    2016
    
    类型
    LADP注入导致RCE
    
    影响范围
    Atlassian Crowd 2.6.3
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
    Atlassian Crowd 1.5.3
    Atlassian Crowd 1.5.2
    Atlassian Crowd 1.5.1
    Atlassian Crowd 1.4.8
    Atlassian Crowd 1.4.7
    Atlassian Crowd 1.4.4
    Atlassian Crowd 1.4.3
    Atlassian Crowd 1.4.2
    Atlassian Crowd 1.4
    Atlassian Crowd 2.9.4
    Atlassian Crowd 2.9.3
    Atlassian Crowd 2.9.2
    Atlassian Crowd 2.9.1
    Atlassian Crowd 2.9
    Atlassian Crowd 2.6.2
    Atlassian Crowd 2.5.4
    Atlassian Crowd 2.5.3
    Atlassian Crowd 2.4.9
    Atlassian Crowd 2.7
    Atlassian Crowd 2.6.1
    Atlassian Crowd 2.6.0
    Atlassian Crowd 2.5.2
    Atlassian Crowd 2.5.1
    Atlassian Crowd 2.5.0
    Atlassian Crowd 2.4.2
    Atlassian Crowd 2.4.1
    Atlassian Crowd 2.3.7
    Atlassian Crowd 2.3.6
    Atlassian Crowd 2.3.4
    Atlassian Crowd 2.3.3
    Atlassian Crowd 2.3.2
    Atlassian Crowd 2.3.1
    Atlassian Crowd 2.2.9
    Atlassian Crowd 2.2.7
    Atlassian Crowd 2.2.4
    Atlassian Crowd 2.2.2
    Atlassian Crowd 2.1.2
    Atlassian Crowd 2.1.1
    Atlassian Crowd 2.0.9
    Atlassian Crowd 2.0.7
    Atlassian Crowd 2.0.6
    Atlassian Crowd 2.0.5
    Atlassian Crowd 2.0.4
    Atlassian Crowd 2.0.3
    Atlassian Crowd 2.0.2
    Atlassian Crowd 2.0.1
    Atlassian Crowd 1.6.3
    Atlassian Crowd 1.6.1
    Atlassian Crowd 1.6

    CVE-2013-3926

    Date
    2013
    
    类型
    Atlassian Crowd软件存在后门,允许任何人远程控制Crowd服务器,并损坏系统应用和数据
    
    影响范围
    <Atlassian Crowd 2.6.3

    CVE-2013-3925

    Date
    2013
    
    类型
    XML外部实体引用任意文件读取漏洞
    
    影响范围
    Atlassian Crowd 2.5.x
    Atlassian Crowd 2.6.x
    Atlassian Crowd 2.3.8
    Atlassian Crowd 2.3.9
  • 相关阅读:
    SSH through HTTP proxy
    聊聊主流框架,Less/Sass/Compass/Bootstrap/H5bp » 社区 | Ruby China
    HTTP Tunneling (HTTP Proxy Socket Client)
    现代 C++ 编程指南
    用C++实现HTTP服务器 Windows平台(开放源代码) Que's C++ Studio 博客频道 CSDN.NET
    nvie/rq
    第二章 C语言实例 —制作http服务器 dennis ITeye技术网站
    GNU libmicrohttpd: a library for creating an embedded HTTP server
    Design Patterns and Refactoring
    A LinuxJunky Blog: A Very Simple HTTP Server writen in C
  • 原文地址:https://www.cnblogs.com/AtesetEnginner/p/12297208.html
Copyright © 2011-2022 走看看