乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-16: 细节已通知厂商并且等待厂商处理中 2015-03-21: 厂商已经主动忽略漏洞,细节向公众公开
阳光雨露某站点命令执行漏洞
1#由
WooYun: 阳光雨露某分站getshell(可漫游内网) 检测到202.85.212.123修复了s2--009但未修复s2-016漏洞
2#命令执行信息
服务器信息:网站物理路径: D:\apache-tomcat-6.0.39\webapps\rms_R\java.home: D:\Program Files\Java\jdk1.6.0_33\jrejava.version: 1.6.0_33os.name: Windows Server 2008 R2os.arch: amd64os.version: 6.1user.name: Administratoruser.home: C:\Users\Administratoruser.dir: D:\apache-tomcat-6.0.39\binjava.class.version: 50.0java.class.path: D:\apache-tomcat-6.0.39\bin\bootstrap.jarjava.library.path: D:\Program Files\Java\jdk1.6.0_33\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\Program Files\Java\jdk1.6.0_33\bin;.file.separator: \path.separator: ;java.vendor: Sun Microsystems Inc.java.vendor.url: http://java.sun.com/java.vm.specification.version: 1.0java.vm.specification.vendor: Sun Microsystems Inc.java.vm.specification.name: Java Virtual Machine Specificationjava.vm.version: 20.8-b03java.vm.name: Java HotSpot(TM) 64-Bit Server VMjava.specification.version: 1.6java.specification.name: Java Platform API Specificationjava.io.tmpdir: D:\apache-tomcat-6.0.39\tempwhoamirms\administrator
修复s2-016
危害等级:无影响厂商忽略
忽略时间:2015-03-21 18:50
暂无