1
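CVE Statistics
The total number of CVE advisories in the past week was roughly flat compared with the previous period. The high-risk vulnerabilities worth attention are as follows: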

2
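Threat Information Review
●Struts 2 hit by another high-risk vulnerability, CVE-2017-5638
●The Jakarta Multipart parser plugin of Apache Struts2 has a remote code execution vulnerability, tracked as CVE-2017-5638. The advisory was published on cwiki.apache.org.
●Cybersecurity during the Two Sessions
●At the National People's Congress and Chinese People's Political Consultative Conference sessions, cybersecurity remains one of the topics on the agenda.
●WikiLeaks says the CIA can use Samsung TVs to eavesdrop on your conversations
●The CIA responds to the "WikiLeaks" hacking-tool eavesdropping scandal. Regarding the hacking-tool claims made by the WikiLeaks website, the US Central Intelligence Agency (CIA) has issued a statement, but denied conducting surveillance on US citizens.
●CloudPets smart toy data leak incident
●A senator investigates the CloudPets smart toy data leak incident. Multiple US agencies require the company to provide an emergency response within the month.
●The WordPress REST API vulnerability is back: CVE-2017-5487
●In February, the WordPress REST API was found to have a privilege bypass vulnerability, the consequence of which was that hackers could modify post content. On March 3, another privilege bypass vulnerability appeared in the REST API; successfully exploiting it makes it possible to bypass administrator privileges and leak user data.
●StoneDrill, malware attacking oil companies
●Another piece of malware attacking oil companies has emerged, StoneDrill. Its attack behavior is very similar to that of Shamoon.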
●Yahoo Reveals 32 Million Accounts Were Hacked Using ‘Cookie Forging Attack’
●Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password.
●How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet
●Amazon on Thursday admitted that an incorrectly typed command during a routine debugging of the company’s billing system caused the 5-hour-long outage of some Amazon Web Services (AWS) servers on Tuesday.
●High severity bug discovered in CISCO NETFLOW GENERATION APPLIANCE
●A flaw in Cisco NetFlow Generation Appliance, tracked as CVE-2017-3826, could be exploited by an unauthenticated, remote attacker to cause a DoS condition.
●Google Patches 35 Critical Android Vulnerabilities
●Google this week released a new set of monthly security patches for Android to address over 100 vulnerabilities in the platform, 35 of which carry a Critical severity rating.
●Data-wiping malware targets Europe
●Shamoon—the mysterious disk wiper that popped up out of nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company before disappearing—is back. Its new, meaner design has been unleashed three times since November. What’s more, a new wiper developed in the same style as Shamoon has been discovered targeting a petroleum company in Europe, where wipers used in the Middle East have not previously been seen.
●185,000+ Wi-Fi-connected cameras are open to hack
●The researcher Pierre Kim revealed that more than 185,000 vulnerable Wi-Fi-connected cameras are exposed to the Internet, ready to be hacked.
(Data source: NSFOCUS Threat Intelligence and Network Security Lab, compiled from the web)
Vulnerability Research
1
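Vulnerability Database Statistics
As of March 10, 2017, the NSFOCUS vulnerability database contained a total of 36049 entries. This week 32 vulnerability records were added, of which 1 was high risk, 30 were medium risk, and 1 was low risk.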
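● Wireshark RTMPT file parser denial-of-service vulnerability (CVE-2017-6472)
●Risk level: Medium
●CVE ID: CVE-2017-6472
● Wireshark K12 file parser denial-of-service vulnerability (CVE-2017-6473)
●Risk level: Medium
●CVE ID: CVE-2017-6473
● Wireshark NetScaler file parser denial-of-service vulnerability (CVE-2017-6474)
●Risk level: Medium
●CVE ID: CVE-2017-6474
● Wireshark IAX2 file parser denial-of-service vulnerability (CVE-2017-6470)
●Risk level: Medium
●CVE ID: CVE-2017-6470
● Wireshark WSP file parser denial-of-service vulnerability (CVE-2017-6471)
●Risk level: Medium
●CVE ID: CVE-2017-6471
● Wireshark NetScaler file parser denial-of-service vulnerability (CVE-2017-6467)
●Risk level: Medium
●CVE ID: CVE-2017-6467
● Wireshark NetScaler file parser denial-of-service vulnerability (CVE-2017-6468)
●Risk level: Medium
●CVE ID: CVE-2017-6468
● Wireshark LDSS file parser denial-of-service vulnerability (CVE-2017-6469)
●Risk level: Medium
●CVE ID: CVE-2017-6469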
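● D-Link DSL-2730U cross-site request forgery vulnerability (CVE-2017-6411)
●Risk level: Medium
●BID: 96560
●CVE ID: CVE-2017-6411
● D-Link DI-524 cross-site request forgery vulnerability (CVE-2017-5633)
●Risk level: Medium
●BID: 96475
●CVE ID: CVE-2017-5633
● SilverStripe CMS cross-site scripting vulnerability (CVE-2017-5197)
●Risk level: Low
●CVE ID: CVE-2017-5197
● Linux kernel drivers/tty/n_hdlc.c denial-of-service vulnerability (CVE-2017-2636)
●Risk level: Medium
●CVE ID: CVE-2017-2636
● McAfee ePolicy Orchestrator cross-site scripting vulnerability (CVE-2017-3902)
●Risk level: Medium
●BID: 96465
●CVE ID: CVE-2017-3902
● Apache Struts2 arbitrary code execution vulnerability (CVE-2017-5638)
●Risk level: High
●CVE ID: CVE-2017-5638
● IBM DB2 information disclosure vulnerability (CVE-2017-1150)
●Risk level: Medium
●BID: 96597
●CVE ID: CVE-2017-1150
● IBM WebSphere Commerce local information disclosure vulnerability (CVE-2016-5894)
●Risk level: Medium
●BID: 96624
●CVE ID: CVE-2016-5894
● Google Android Recovery Verifier privilege escalation vulnerability (CVE-2017-0475)
●Risk level: Medium
●BID: 96716
●CVE ID: CVE-2017-0475
● Schneider Electric Wonderware Intelligence default credentials security restriction bypass vulnerability (CVE-2017-5178)
●Risk level: Medium
●BID: 96721
●CVE ID: CVE-2017-5178
● PHP FormMail Generator cross-site scripting vulnerability (CVE-2016-9493)
●Risk level: Medium
●BID: 96718
●CVE ID: CVE-2016-9493
● PHP FormMail Generator arbitrary file upload vulnerability (CVE-2016-9492)
●CVE ID: CVE-2016-9492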
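● Netpbm local heap buffer overflow vulnerability (CVE-2017-2580)
●Risk level: Medium
●BID: 96712
●CVE ID: CVE-2017-2580
● Netpbm local integer overflow vulnerability (CVE-2017-2581)
●Risk level: Medium
●BID: 96710
●CVE ID: CVE-2017-2581
● Netpbm local denial-of-service vulnerability (CVE-2017-2579)
●Risk level: Medium
●BID: 96714
●CVE ID: CVE-2017-2579
● IBM Content Navigator cross-site scripting vulnerability (CVE-2017-1146)
●Risk level: Medium
●BID: 96761
●CVE ID: CVE-2017-1146
● IBM Tivoli System Automation local privilege escalation vulnerability (CVE-2017-1134)
●Risk level: Medium
●BID: 96764
●CVE ID: CVE-2017-1134
● Google Android libgdx remote code execution vulnerability (CVE-2017-0477)
●Risk level: Medium
●BID: 96760
●CVE ID: CVE-2017-0477
● Google Android Framesequence Library remote code execution vulnerability (CVE-2017-0478)
●Risk level: Medium
●BID: 96762
●CVE ID: CVE-2017-0478
● qBittorrent cross-site scripting vulnerability (CVE-2017-6503)
●Risk level: Medium
●BID: 96758
●CVE ID: CVE-2017-6503
● gdk-pixbuf gdk-pixbuf-thumbnailer.c denial-of-service vulnerability (CVE-2017-6311)
●Risk level: Medium
●CVE ID: CVE-2017-6311
● gdk-pixbuf io-ico.c denial-of-service vulnerability (CVE-2017-6312)
●Risk level: Medium
●CVE ID: CVE-2017-6312
● gdk-pixbuf load_resources function denial-of-service vulnerability (CVE-2017-6313)
●Risk level: Medium
●CVE ID: CVE-2017-6313
● gdk-pixbuf make_available_at_least function denial-of-service vulnerability (CVE-2017-6314)
●Risk level: Medium
●CVE ID: CVE-2017-6314
(Data source: NSFOCUS Security Research Department & Product Rules Team)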
Featured Vulnerability
● Featured vulnerability
Struts2 remote code execution vulnerability
◆NSFOCUS ID
36031
◆CVE ID
CVE-2017-5638
◆Affected versions
Struts 2.3.5 – Struts 2.3.31
Struts 2.5 – Struts 2.5.10
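◆Vulnerability commentary
Apache Struts is an open-source project maintained by the Apache Software Foundation in the United States; it is an open-source MVC framework for building enterprise Java web applications. The Jakarta Multipart parser plugin in Struts2 has a remote code execution vulnerability. The vulnerability arises because the exception-handling function of the upload feature does not correctly handle the error information supplied by user input; through a malicious Content-Type value, an attacker can achieve remote code execution. Apache has released a security advisory and a patch for this vulnerability. Affected users should check and upgrade promptly to fix the vulnerability.
(Data source: NSFOCUS Security Research Department & Product Rules Team)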