漏洞信息详情
Lucee Server 授权问题漏洞
- CNNVD编号:CNNVD-202102-1056 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2021-21307
- 漏洞类型: 授权问题
- 发布时间: 2021-02-11
- 威胁类型: 远程
- 更新时间: 2021-08-18
- 厂 商:
- 漏洞来源:
-
漏洞简介
Lucee Server中存在授权问题漏洞,该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca
参考网址
来源:MISC
链接:https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca
来源:MISC
链接:https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643
来源:CONFIRM
链接:https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
来源:MISC
链接:http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response
来源:MISC
链接:https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal
来源:httpvoid
链接:httpvoid/writeups/blob/main/Apple-RCE.md
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-21307
受影响实体
暂无
补丁
- Lucee Server 授权问题漏洞的修复措施<!--2021-2-11-->
还没有评论,来说两句吧...