精品国产一级在线观看,国产成人综合久久精品亚洲,免费一级欧美大片在线观看

當(dāng)前位置:安全企業(yè)動態(tài) → 正文

42款思科產(chǎn)品或受Apache Struts2遠(yuǎn)程代碼執(zhí)行漏洞(S2-053)影響

責(zé)任編輯:editor004 |來源:企業(yè)網(wǎng)D1Net  2017-09-12 12:18:15 本文摘自:E安全

Apache Struts 9月7日發(fā)布安全公告,披露Apache Struts 2存在中危遠(yuǎn)程代碼執(zhí)行漏洞(S2-053),編號為CVE-2017-12611,當(dāng)在Freemarker標(biāo)簽中使用表達(dá)式常量或強(qiáng)制表達(dá)式時使用請求值可能會導(dǎo)致遠(yuǎn)程代碼執(zhí)行漏洞(見下面的示例)。

在這兩種情況下,值屬性都使用可寫屬性,都會受到Freemarker的表達(dá)式的影響。

受影響版本

Struts 2.0.1 - Struts 2.3.33, Struts 2.5 - Struts 2.5.10

思科受影響產(chǎn)品列表

與許多廠商一樣,思科很久以前就在Web接口上使用了開源Apache Struts。Switchzilla 9月9日宣布42款思科產(chǎn)品或受該漏洞影響。

思科目正在調(diào)查協(xié)作和網(wǎng)絡(luò)管理產(chǎn)品、身份服務(wù)引擎(Identity Services Engine),一批思科Prime軟件、語音和通信、視頻和思科網(wǎng)真、以及托管服務(wù)等產(chǎn)品。調(diào)查的產(chǎn)品包括:

Cisco Unified MeetingPlace

Cisco WebEx Meetings Server

Cisco Data Center Network Manager

Cisco Identity Services Engine (ISE)

Cisco Digital Media Manager

Cisco MXE 3500 Series Media Experience Engines

Cisco Prime Central for Service Providers

Cisco Prime Collaboration Provisioning

Cisco Prime Home

Cisco Prime LAN Management Solution - Solaris

Cisco Prime License Manager

Cisco Prime Network Registrar IP Address Manager (IPAM)

Cisco Prime Network

Cisco Unified Intelligence Center

Cisco Emergency Responder

Cisco Enterprise Chat and Email

Cisco Hosted Collaboration Mediation Fulfillment

Cisco Hosted Collaboration Solution for Contact Center

Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)

Cisco Unified Communications Manager

Cisco Unified Contact Center Enterprise

Cisco Unified E-Mail Interaction Manager

Cisco Unified Intelligent Contact Management Enterprise

Cisco Unified SIP Proxy Software

Cisco Unified Survivable Remote Site Telephony Manager

Cisco Unified Web Interaction Manager

Cisco Unity Connection

Cisco Virtualized Voice Browser

Cisco Enterprise Content Delivery System (ECDS)

Cisco Video Distribution Suite for Internet Streaming (VDS-IS)

Cisco Business Video Services Automation Software

Cisco Cloud Web Security

Cisco Deployment Automation Tool

Cisco Network Device Security Assessment Service

Cisco Network Performance Analysis

Cisco Partner Support Service 1.x

Cisco Prime Service Catalog

Cisco Services Provisioning Platform

Cisco Smart Net Total Care

Cisco Tidal Performance Analyzer

Cisco Unified Service Delivery Platform

Cisco WebEx Network-Based Recording (NBR) Management

思科在公告中指出,一旦調(diào)查有進(jìn)展,思科會發(fā)布更新信息,披露受影響的產(chǎn)品。

由于遠(yuǎn)程攻擊者可利用該漏洞執(zhí)行代碼,鑒于此,思科在公告中將這個漏洞標(biāo)記為“Critical”。

思科在公告中表示,一旦識別出易受攻擊的產(chǎn)品便會發(fā)布公告,并會發(fā)布補(bǔ)丁或提出解決方案。

關(guān)鍵字:漏洞遠(yuǎn)程

本文摘自:E安全

x 42款思科產(chǎn)品或受Apache Struts2遠(yuǎn)程代碼執(zhí)行漏洞(S2-053)影響 掃一掃
分享本文到朋友圈
當(dāng)前位置:安全企業(yè)動態(tài) → 正文

42款思科產(chǎn)品或受Apache Struts2遠(yuǎn)程代碼執(zhí)行漏洞(S2-053)影響

責(zé)任編輯:editor004 |來源:企業(yè)網(wǎng)D1Net  2017-09-12 12:18:15 本文摘自:E安全

Apache Struts 9月7日發(fā)布安全公告,披露Apache Struts 2存在中危遠(yuǎn)程代碼執(zhí)行漏洞(S2-053),編號為CVE-2017-12611,當(dāng)在Freemarker標(biāo)簽中使用表達(dá)式常量或強(qiáng)制表達(dá)式時使用請求值可能會導(dǎo)致遠(yuǎn)程代碼執(zhí)行漏洞(見下面的示例)。

在這兩種情況下,值屬性都使用可寫屬性,都會受到Freemarker的表達(dá)式的影響。

受影響版本

Struts 2.0.1 - Struts 2.3.33, Struts 2.5 - Struts 2.5.10

思科受影響產(chǎn)品列表

與許多廠商一樣,思科很久以前就在Web接口上使用了開源Apache Struts。Switchzilla 9月9日宣布42款思科產(chǎn)品或受該漏洞影響。

思科目正在調(diào)查協(xié)作和網(wǎng)絡(luò)管理產(chǎn)品、身份服務(wù)引擎(Identity Services Engine),一批思科Prime軟件、語音和通信、視頻和思科網(wǎng)真、以及托管服務(wù)等產(chǎn)品。調(diào)查的產(chǎn)品包括:

Cisco Unified MeetingPlace

Cisco WebEx Meetings Server

Cisco Data Center Network Manager

Cisco Identity Services Engine (ISE)

Cisco Digital Media Manager

Cisco MXE 3500 Series Media Experience Engines

Cisco Prime Central for Service Providers

Cisco Prime Collaboration Provisioning

Cisco Prime Home

Cisco Prime LAN Management Solution - Solaris

Cisco Prime License Manager

Cisco Prime Network Registrar IP Address Manager (IPAM)

Cisco Prime Network

Cisco Unified Intelligence Center

Cisco Emergency Responder

Cisco Enterprise Chat and Email

Cisco Hosted Collaboration Mediation Fulfillment

Cisco Hosted Collaboration Solution for Contact Center

Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)

Cisco Unified Communications Manager

Cisco Unified Contact Center Enterprise

Cisco Unified E-Mail Interaction Manager

Cisco Unified Intelligent Contact Management Enterprise

Cisco Unified SIP Proxy Software

Cisco Unified Survivable Remote Site Telephony Manager

Cisco Unified Web Interaction Manager

Cisco Unity Connection

Cisco Virtualized Voice Browser

Cisco Enterprise Content Delivery System (ECDS)

Cisco Video Distribution Suite for Internet Streaming (VDS-IS)

Cisco Business Video Services Automation Software

Cisco Cloud Web Security

Cisco Deployment Automation Tool

Cisco Network Device Security Assessment Service

Cisco Network Performance Analysis

Cisco Partner Support Service 1.x

Cisco Prime Service Catalog

Cisco Services Provisioning Platform

Cisco Smart Net Total Care

Cisco Tidal Performance Analyzer

Cisco Unified Service Delivery Platform

Cisco WebEx Network-Based Recording (NBR) Management

思科在公告中指出,一旦調(diào)查有進(jìn)展,思科會發(fā)布更新信息,披露受影響的產(chǎn)品。

由于遠(yuǎn)程攻擊者可利用該漏洞執(zhí)行代碼,鑒于此,思科在公告中將這個漏洞標(biāo)記為“Critical”。

思科在公告中表示,一旦識別出易受攻擊的產(chǎn)品便會發(fā)布公告,并會發(fā)布補(bǔ)丁或提出解決方案。

關(guān)鍵字:漏洞遠(yuǎn)程

本文摘自:E安全

電子周刊
回到頂部

關(guān)于我們聯(lián)系我們版權(quán)聲明隱私條款廣告服務(wù)友情鏈接投稿中心招賢納士

企業(yè)網(wǎng)版權(quán)所有 ©2010-2024 京ICP備09108050號-6 京公網(wǎng)安備 11010502049343號

^ 
    • <menuitem id="jw4sk"></menuitem>
    

    • 

      3. <form id="jw4sk"><tbody id="jw4sk"><dfn id="jw4sk"></dfn></tbody></form>
      
主站蜘蛛池模板:
津市市|
安康市|
泰来县|
湟中县|
蒲江县|
闽清县|
同仁县|
酒泉市|
曲周县|
徐水县|
澄江县|
鹤山市|
仙游县|
保定市|
博白县|
临汾市|
南部县|
仁寿县|
镇赉县|
威远县|
沙湾县|
车致|
岳西县|
开鲁县|
乐东|
大同县|
凤台县|
江都市|
朝阳县|
定陶县|
乌兰浩特市|
曲松县|
于田县|
大新县|
锡林郭勒盟|
平泉县|
民县|
改则县|
清丰县|
革吉县|
深泽县|