亚博买球

信息安全

信息安全 亚博买球 > 信息安全 > 信息安全 > 正文

【亚博买球 - 漏洞预警】百度 UEditor web 编辑器 v1.4.3 等多个版本存在 SSRF 漏洞

发布时间:2019-06-27 浏览次数:次

jinri,hulianwangshanggongkaileueditorbianjiqiv1.4.3banbendessrfloudongxinxijifenxifuxiancailiao。gailoudongshiboolxingdessrf,chulekeyijinxingneiwangtancewai,yekeyigenjuwebyingyongzhiwenxinxi,jinxingjinyibuceshi。muqian,guanfangyigengxinbanbenxiufuleshangshuloudong。

亚博买球jianyiyonghuguanzhugailoudong,bingjishiyuxiangguanwangzhankaifadanweiquerenshifoushoudaoloudongyingxiang,jinkuaicaiquxiubucuoshi。

漏洞概述

亚博买球ueditorshiyoubaiduwebqianduanyanfabukaifasuojianjisuodefuwenbenwebbianjiqi,juyouqingliang,kedingzhi,zhuzhongyonghutiyandengtedian,kaiyuanjiyumitxieyi,yunxuziyoushiyonghexiugaidaima。

ueditor v1.4.3jiyiqianbanbencunzaissrfloudong。youyuueditorzaiv1.4.3zhiqianmeiyoujiaruduineibuipdexianzhi,suoyizaishiyongzhuaqutupiandegongnengshi,zaochengssrfloudong。gongjizhekeyiliyonggailoudongjinxingneiwangfuwuqidetance,binggenjuneiwangfuwuqidetezheng(ru/jmx-console/images/logo.gif, /tomcat.png),panduanqishiyongdezujian,caicekenengcunzaideloudong,ranhoujinxingjinyibudeshentou。

漏洞危害

亚博买球gongjizhekeliyonggailoudongkejinxingneiwangtancehebufenyingyongshibie,congerjinxingjinyibugongji。

受影响范围

baiduueditor webbianjiqi≦v1.4.3

修复建议

muqian,guanfangyigengxinbanbenxiufuleshangshuloudong,jianyiyonghujishiyuxiangguanwangzhankaifadanweiquerenshifoushoudaoloudongyingxiang,jinkuaicaiquxiubucuoshi。

guanfangcankaolianjie:

亚博买球

banquansuoyou:yabomaiqiu

dizhi:hubeishengwuhanshihongshanquluoyulu1037hao youbian:430074 dianhua: chuanzhen:

亚博APP 亚博APP 亚博APP 亚博APP 亚博APP 亚博APP