java漏洞歷史

內容來自之前收集的思惟導圖，做者不明。

1.JDK漏洞

• 1.1.CVE-2012-4681
  https://www.freebuf.com/vuls/5485.html
  msf: exploit/multi/browser/java_jre17_jaxws
• 1.2.CVE-2012-0507
  https://blog.csdn.net/wcf1987/article/details/84368813
  msf: exploit/multi/browser/java_atomicreferencearray
• 1.3.CVE-2012-1723
  https://www.securityfocus.com/bid/53960
  msf: exploit/ulti/browser/java_verifier_field_access

• 1.4.CVE-2013-0422
  https://blog.csdn.net/wcf1987/article/details/84380363
  msf: exploit/multi/browser/java_jre17_jmxbean
  

  2.中間件漏洞

  2.1.Tomcat

• 2.1.1.CVE-2017-12617
  https://www.freebuf.com/vuls/150203.html

• 2.1.2.CVE-2018-11784
  http://zhutougg.com/2018/10/08/cve-2018-11784-tomcat-urltiao-zhuan-lou-dong/

2.2.JBoss

• 2.2.1.CVE-2010-1871
  msf: exploit/multi/http/jboss_seam_upload_exec
• 2.2.2.CVE-2010-0738
  msf: auxiliary/scanner/http/jboss_vulnscan
• 2.2.3.CVE-2013-6469
• 2.2.4.CVE-2017-7504
  http://gv7.me/articles/2018/CVE-2017-7504/
• 2.2.5.CVE-2017-12149
  http://www.javashuo.com/article/p-nhsnkizl-dx.html
  msf: auxiliary/scanner/http/jboss_vulnscan
• 2.2.6.反序列化
  https://www.seebug.org/vuldb/ssvid-89723
• 2.2.7.WebConsole/Invoker 代碼執行漏洞
• 2.2.8.JMXInvoker 代碼執行漏洞

2.3.Jetty

• 2.3.1.CVE-2005-3747
  URL編碼的反斜線源代碼暴露漏洞
  https://www.rapid7.com/db/vulnerabilities/http-jetty-jsp-source-disclosure

2.4.Jenkins

• 2.4.1.CVE-2018-1999002 任意文件讀取漏洞
  https://paper.seebug.org/648/
• 2.4.2.CVE-2018-1000861
  https://xz.aliyun.com/t/3912
• 2.4.3.CVE-2017-1000353 反序列化命令執行
  https://xz.aliyun.com/t/179
• 2.4.4.CVE-2017-1000353
  https://ssd-disclosure.com/index.php/archives/3171

3.開發框架及組件漏洞

3.1.Struts框架

• 3.1.1.Struts2全部漏洞連接
  https://cwiki.apache.org/confluence/display/WW/Security+Bulletins
• 3.1.2.命令執行漏洞
• S2-003/S2-005
  https://xz.aliyun.com/t/2323
• S2-009
  https://www.kingkk.com/2018/09/Struts2-%E5%91%BD%E4%BB%A4-%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E7%B3%BB%E5%88%97-S2-008-S2-009/
• S2-012
  https://hub.docker.com/r/vulhub/s2-012/
• S2-013/S2-014
  https://xz.aliyun.com/t/2694
• S2-015
  https://github.com/vulhub/vulhub/tree/master/struts2/s2-015
• S2-016
  http://www.javashuo.com/article/p-fczpndux-cq.html
• S2-029
  https://www.iswin.org/2016/03/20/Struts2-S2-029%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
• S2-032
  http://avfisher.win/archives/tag/s2-032
• S2-033
  http://www.javashuo.com/article/p-mekiastr-nb.html
• S2-036
• S2-037
  http://blog.nsfocus.net/struts2-s2-037-vulnerability-analysis/
• S2-045
  https://paper.seebug.org/247/
• S2-052
  https://paper.seebug.org/383/
• S2-053
  https://www.freebuf.com/vuls/147735.html
• S2-057
  http://blog.nsfocus.net/s2-075-protection-plan/

3.2.Spring框架

• 3.2.1.Spring全部漏洞連接
  https://pivotal.io/security
• 3.2.2.高危漏洞
• • 3.2.2.1.XXE
• cve-2013-4152
  https://pivotal.io/security/cve-2013-4152
• cve-2013-7315
  https://pivotal.io/security/cve-2013-7315
• CVE-2013-6429
  https://pivotal.io/security/cve-2013-6429
• CVE-2014-0054
  https://pivotal.io/security/cve-2014-0054
• CVE-2017-8040
  https://pivotal.io/security/cve-2017-8040
• CVE-2018-1259
  https://pivotal.io/security/cve-2018-1259
• CVE-2019-3774
  https://pivotal.io/security/cve-2019-3774
• CVE-2019-3773
  https://pivotal.io/security/cve-2019-3773
• CVE-2019-3772
  https://pivotal.io/security/cve-2019-3772
• • 3.2.2.2.XSS
• CVE-2013-6430
  https://pivotal.io/security/cve-2013-6430
• CVE-2014-1904
  https://pivotal.io/security/cve-2014-1904
• CVE-2018-1229
  https://pivotal.io/security/cve-2018-1229
• • 3.2.2.3.RCE
• CVE-2016-2173
  https://pivotal.io/security/cve-2016-2173
• CVE-2016-4977
  https://pivotal.io/security/cve-2016-4977
• CVE-2017-8045
  https://pivotal.io/security/cve-2017-8045
• CVE-2018-1270
  https://pivotal.io/security/cve-2018-1270
• CVE-2018-1260
  https://pivotal.io/security/cve-2018-1260

3.3.Play框架

• 3.3.1.全部漏洞連接
  https://www.playframework.com/security/vulnerability
• 3.3.2.高危漏洞
• Logback反序列化漏洞
  https://www.playframework.com/security/vulnerability/20170407-LogbackDeser
• CVE-2014-3630
  https://www.playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity

3.4.Dubbo

• 3.4.1.反序列化命令執行漏洞
  https://shuimugan.com/bug/view?bug_no=188237
• 3.4.2.未受權訪問

4.安全框架

4.1.OWASP ESAPI

• 4.1.1.注入
  Validator,Encoder
• 4.1.2.XSS
  Encoder
• 4.1.3.失效的身份認證和會話管理
  HTTPUtilities(Safe Upload)
• 4.1.4.不安全的直接對象引用
  AccessReferenceMap,AccessController
• 4.1.5.跨站請求僞造(CSRF)
  CSRF Token
• 4.1.6.安全配置錯誤
  EnterpriseSecurityException,HTTPUtils
• 4.1.7.不安全的加密存儲
  Authenticator,User,HTTPUtils
• 4.1.8.沒有限制的URL訪問
  Encryptor
• 4.1.9.傳輸層保護不足
  HTTPUtils(Secure Cookie,Channel)
• 4.1.10.未驗證的重定向和轉發
  AccessController

4.2.Spring Security

• 4.2.1.重要組件
• SecurityContextHolder
• SecurityContext
• AuthenticationManager
• ProviderManager
• AuthenticationProvider
• Authentication
• GrantedAuthority
• UserDetails
• UserDetailsService
• 4.2.2.重要過濾器
• WebAsyncManagerIntegrationFilter
• SecurityContextPersistenceFilter
• HeaderWriterFilter
• CorsFilter
• LogoutFilter
• RequestCacheAwareFilter
• SecurityContextHolderAwareRequestFilter
• AnonymousAuthenticationFilter
• SessionManagementFilter
• ExceptionTranslationFilter
• FilterSecurityInterceptor
• UsernamePasswordAuthenticationFilter
• BasicAuthenticationFilter

4.3.Shiro