CVE编号
CVE-2017-14063利用情况
暂无补丁情况
N/A披露时间
2017-09-01漏洞描述
Async Http Client(又名AHC或async-http-client)是一个允许Java应用程序执行HTTP请求和异步处理该HTTP响应的客户端库。Async Http Client 2.0.35之前的版本中存在安全漏洞。攻击者可利用该漏洞将客户端连接到其他主机。
解决建议
厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/AsyncHttpClient/async-http-client/issues/1455
参考链接 |
|
|---|---|
| http://openwall.com/lists/oss-security/2017/08/31/4 | |
| https://access.redhat.com/errata/RHSA-2018:2669 | |
| https://github.com/AsyncHttpClient/async-http-client/issues/1455 | |
| https://lists.apache.org/thread.html/r04b15fd898a6b1612153543375daaa8145a0fd1... | |
| https://lists.apache.org/thread.html/r0a6b6429a7558051dbb70bd06584b4b1c334a80... | |
| https://lists.apache.org/thread.html/r14a74d204f285dd3a4fa203de6dbb4e741ddb7f... | |
| https://lists.apache.org/thread.html/r3df4b7ccc363b4850a24842138117aa4451b875... | |
| https://lists.apache.org/thread.html/r41a0e2c36f7d1854a4d56cb1e4aa720ef501782... | |
| https://lists.apache.org/thread.html/r4ebb9596d890f3528630492bd78237b3eef06f0... | |
| https://lists.apache.org/thread.html/r5b8666c4414500ff6e993bfa69cb6afa19b1b67... | |
| https://lists.apache.org/thread.html/r5f07c30721503d4c02d5451f77a611a1a0bb2a9... | |
| https://lists.apache.org/thread.html/r5f794dc07913c5f2ec08f540813b40e61b562d3... | |
| https://lists.apache.org/thread.html/r683d78c6d7a15659f2bb82dd4120dab8c45a870... | |
| https://lists.apache.org/thread.html/r7046a51116207588e36ca8c2e291327e391dae4... | |
| https://lists.apache.org/thread.html/r7879a48644f708be0529bd39f0679ad3ad951f3... | |
| https://lists.apache.org/thread.html/r79d9bab405414af45568c4683386f5e9fd02c10... | |
| https://lists.apache.org/thread.html/r868875e67494a18d31e88cba2672f45c3fc6708... | |
| https://lists.apache.org/thread.html/r9ea5d489e004b40baf73880c4e11dd4de24b799... | |
| https://lists.apache.org/thread.html/rbbad61e1ba5b21e234a6664963618acfee237af... | |
| https://lists.apache.org/thread.html/rbc4fbb06ccb10e26e6064f57f6bd4935eabe2d1... | |
| https://lists.apache.org/thread.html/rc550b8955b37b40fee18db99f167337c41c930d... | |
| https://lists.apache.org/thread.html/rcb46acc25917e01ebecca132e870da9ab935d57... | |
| https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2... | |
| https://lists.apache.org/thread.html/re2510852c4a1f635b14b35e5dfd7597076928e7... | |
| https://lists.apache.org/thread.html/re7367895ccbf64523efcd39a9181baf2eaa30b0... | |
| https://lists.apache.org/thread.html/rfaa4d578587f52a9c4d176af516a681a712c664... | |
| https://lists.apache.org/thread.html/rfd823a733b02cffbef5a69953fdcbed2d1d0afa... | |
| https://lists.apache.org/thread.html/rfe55d83e4070bcc9285bbbf6bc39635dbcbba6d... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | asynchttpclient_project | async-http-client | * |
Up to (excluding) 2.0.35 |
|||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 无
- 保密性 无
- 完整性 高
还没有评论,来说两句吧...