資源簡介
2EE框架——Struts2近日被曝存在遠程代碼執行的嚴重漏洞。目前Struts2官方已經確認漏洞
(漏洞編號S2-045,CVE編號:cve-2017-5638),并定級為高危。
由于該漏洞影響范圍極廣(Struts2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10),
漏洞危害程度極為嚴重,可直接獲取應用系統所在服務器的控制權限。
修復方式:更新至Struts2.3.32 或者Struts 2.5.10.1或使用第三方的防護設備進行防護
必須替換、添加的:
struts2-core-2.3.32.jar
struts2-json
代碼片段和文件信息
?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件?????358273??2013-11-23?17:55??lib\antlr-2.7.2.jar
?????文件???????4467??2013-11-23?17:55??lib\aopalliance-1.0.jar
?????文件??????43578??2013-11-23?17:55??lib\asm-3.3.jar
?????文件??????38275??2013-11-23?17:55??lib\asm-commons-3.3.jar
?????文件??????21503??2013-11-23?17:55??lib\asm-tree-3.3.jar
?????文件??????32986??2013-11-23?18:09??lib\builder-0.6.2.jar
?????文件??????37854??2013-11-23?18:06??lib\classworlds-1.1.jar
?????文件?????231320??2013-11-23?18:00??lib\commons-beanutils-1.8.0.jar
?????文件??????91699??2013-11-23?18:03??lib\commons-chain-1.2.jar
?????文件?????588337??2016-05-05?09:36??lib\commons-collections-3.2.2.jar
?????文件?????148783??2013-11-23?17:57??lib\commons-digester-2.0.jar
?????文件??????70282??2016-06-22?10:50??lib\commons-fileupload-1.3.2.jar
?????文件?????173587??2013-11-23?17:55??lib\commons-io-2.2.jar
?????文件?????261809??2013-11-23?17:54??lib\commons-lang-2.4.jar
?????文件?????384767??2014-01-02?21:45??lib\commons-lang3-3.2.jar
?????文件??????62050??2013-11-23?17:55??lib\commons-logging-1.1.3.jar
?????文件?????138956??2013-11-23?17:54??lib\commons-validator-1.3.1.jar
?????文件??????44881??2013-11-23?18:09??lib\core-0.6.2.jar
?????文件?????184569??2013-11-23?18:01??lib\dwr-1.1.1.jar
?????文件??????86487??2013-11-23?18:04??lib\ezmorph-1.0.6.jar
?????文件????1300487??2015-04-03?07:09??lib\freemarker-2.3.22.jar
?????文件?????639592??2013-11-23?18:08??lib\google-collections-1.0.jar
?????文件????2694082??2013-11-23?18:08??lib\google-gxp-0.2.4-beta.jar
?????文件????1143921??2013-11-23?18:09??lib\guava-r09.jar
?????文件?????228286??2013-11-23?18:04??lib\jackson-core-asl-1.9.2.jar
?????文件?????765648??2013-11-23?18:04??lib\jackson-mapper-asl-1.9.2.jar
?????文件?????614203??2013-11-23?17:55??lib\javassist-3.11.0.GA.jar
?????文件??????17097??2013-11-23?18:09??lib\jcl-over-slf4j-1.5.8.jar
?????文件?????151839??2013-11-23?18:04??lib\json-lib-2.3-jdk15.jar
?????文件??????18984??2013-11-23?18:07??lib\juli-6.0.18.jar
............此處省略80個文件信息
-----------?---------??----------?-----??----
?????文件?????358273??2013-11-23?17:55??lib\antlr-2.7.2.jar
?????文件???????4467??2013-11-23?17:55??lib\aopalliance-1.0.jar
?????文件??????43578??2013-11-23?17:55??lib\asm-3.3.jar
?????文件??????38275??2013-11-23?17:55??lib\asm-commons-3.3.jar
?????文件??????21503??2013-11-23?17:55??lib\asm-tree-3.3.jar
?????文件??????32986??2013-11-23?18:09??lib\builder-0.6.2.jar
?????文件??????37854??2013-11-23?18:06??lib\classworlds-1.1.jar
?????文件?????231320??2013-11-23?18:00??lib\commons-beanutils-1.8.0.jar
?????文件??????91699??2013-11-23?18:03??lib\commons-chain-1.2.jar
?????文件?????588337??2016-05-05?09:36??lib\commons-collections-3.2.2.jar
?????文件?????148783??2013-11-23?17:57??lib\commons-digester-2.0.jar
?????文件??????70282??2016-06-22?10:50??lib\commons-fileupload-1.3.2.jar
?????文件?????173587??2013-11-23?17:55??lib\commons-io-2.2.jar
?????文件?????261809??2013-11-23?17:54??lib\commons-lang-2.4.jar
?????文件?????384767??2014-01-02?21:45??lib\commons-lang3-3.2.jar
?????文件??????62050??2013-11-23?17:55??lib\commons-logging-1.1.3.jar
?????文件?????138956??2013-11-23?17:54??lib\commons-validator-1.3.1.jar
?????文件??????44881??2013-11-23?18:09??lib\core-0.6.2.jar
?????文件?????184569??2013-11-23?18:01??lib\dwr-1.1.1.jar
?????文件??????86487??2013-11-23?18:04??lib\ezmorph-1.0.6.jar
?????文件????1300487??2015-04-03?07:09??lib\freemarker-2.3.22.jar
?????文件?????639592??2013-11-23?18:08??lib\google-collections-1.0.jar
?????文件????2694082??2013-11-23?18:08??lib\google-gxp-0.2.4-beta.jar
?????文件????1143921??2013-11-23?18:09??lib\guava-r09.jar
?????文件?????228286??2013-11-23?18:04??lib\jackson-core-asl-1.9.2.jar
?????文件?????765648??2013-11-23?18:04??lib\jackson-mapper-asl-1.9.2.jar
?????文件?????614203??2013-11-23?17:55??lib\javassist-3.11.0.GA.jar
?????文件??????17097??2013-11-23?18:09??lib\jcl-over-slf4j-1.5.8.jar
?????文件?????151839??2013-11-23?18:04??lib\json-lib-2.3-jdk15.jar
?????文件??????18984??2013-11-23?18:07??lib\juli-6.0.18.jar
............此處省略80個文件信息
- 上一篇:Oracle的JDBC驅動官方完全版
- 下一篇:javaee 校友管理系統
評論
共有 條評論
川公網安備 51152502000135號