[Security Diary] WebLogic Arbitrary File Upload Vulnerability

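Focus Vulnerability
◆ Focus vulnerability
WebLogic arbitrary file upload vulnerability CVE-2018-2894
◆ NSFOCUS ID
40480
◆ CVE ID
CVE-2018-2894
◆ Affected versions
WebLogic 10.3.6.0
WebLogic 12.1.3.0
WebLogic 12.2.1.2
WebLogic 12.2.1.3
◆ Vulnerability commentary
In the early hours of July 18, Beijing time, Oracle released its quarterly patch update, which fixes an arbitrary file upload vulnerability in Oracle WebLogic Server, CVE-2018-2894. An attacker can use this vulnerability to attack WebLogic without authentication. A PoC is already public, so affected users are advised to apply the security upgrade as soon as possible.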
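Internet Security Threat Landscape
CVE Statistics

The total number of CVE announcements in the past week rose noticeably compared with the preceding period.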
Daily Brief Review
Title: Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router
Date: 2018-07-23
Summary: A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router. The victim of the hack is PIR Bank, which lost at least $920,000 in money it had stored in a corresponding account at the Bank of Russia.
Link:
https://www.bleepingcomputer.com/news/security/hackers-breach-russian-bank-and-steal-1-million-due-to-outdated-router/
Title: Russia Targeted by Almost 25 Million Cyber-Attacks During World Cup
Date: 2018-07-17
Summary: Russia was the target of almost 25 million cyber-attacks during the World Cup, President Vladimir Putin said, though he did not indicate who may have been behind the attacks.
Link:
https://www.securityweek.com/russia-targeted-almost-25-million-cyber-attacks-during-world-cup-putin
Title: EU Fines Google Record $5 Billion in Android Antitrust Case
Date: 2018-07-19
Summary: Google has been hit by a record-breaking $5 billion antitrust fine by the European Union regulators for abusing the dominance of its Android mobile operating system and thwarting competitors.
Link:
https://thehackernews.com/2018/07/google-android-antitrust-fine.html
Title: US Biggest Blood Testing Laboratories LabCorp suffered a security breach
Date: 2018-07-20
Summary: Hackers have breached the network at LabCorp, one of the largest diagnostic blood testing laboratories in the US, millions of Americans potentially at risk.
Link:
https://securityaffairs.co/wordpress/74536/data-breach/labcorp-security-breach.html
......
Vulnerability Research
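Vulnerability Database Statistics
As of July 20, 2018, the NSFOCUS vulnerability database contains a total of 40502 entries. This week 68 new vulnerability records were added, of which 21 are high-risk, 29 are medium-risk, and 18 are low-risk.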


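Adobe Flash Player Type Confusion Arbitrary Code Execution Vulnerability (CVE-2018-5007)
Severity: High
CVE ID: CVE-2018-5007
Adobe Flash Player Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2018-5008)
Severity: High
CVE ID: CVE-2018-5008
WAGO e!DISPLAY Security Vulnerability (CVE-2018-12979)
Severity: Low
CVE ID: CVE-2018-12979
Olli Parviainen SoundTouch Denial of Service Vulnerability (CVE-2018-14044)
Severity: Low
CVE ID: CVE-2018-14044
Olli Parviainen SoundTouch Denial of Service Vulnerability (CVE-2018-14045)
Severity: Low
CVE ID: CVE-2018-14045
Exiv2 Heap Buffer Overflow Vulnerability (CVE-2018-14046)
Severity: Low
CVE ID: CVE-2018-14046
IBM Security Identity Governance and Intelligence Virtual Appliance Information Disclosure Vulnerability
Severity: Low
CVE ID: CVE-2017-1367
Apache Spark Spoofing Vulnerability (CVE-2018-1334)
Severity: Medium
CVE ID: CVE-2018-1334
Apache Spark Cross-Site Scripting Vulnerability (CVE-2018-8024)
Severity: Medium
CVE ID: CVE-2018-8024
Micro Focus Fortify Software Security Center Information Disclosure Vulnerability (CVE-2018-12463)
Severity: Medium
CVE ID: CVE-2018-12463
IBM Security Identity Governance and Intelligence Virtual Appliance Information Disclosure Vulnerability
Severity: Low
CVE ID: CVE-2017-1395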
......













NSFOCUS
