File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 蓝凌OA系统sys/ui/extend/varkind/custom.jsp接口存在任意文件读取与SSRF漏洞,攻击者可利用file://协议读取服务器任意文件,包括/etc/passwd和配置文件中的敏感凭据,导致服务器控制权沦陷。"
3+ published = " 2021-04-15"
4+ remediation = " 厂商已发布安全更新,建议升级蓝凌OA至最新版本;临时防护措施包括限制对custom.jsp的访问权限、部署WAF规则拦截file://协议请求。"
5+ score = 7.5
6+ severity = " HIGH"
7+ sources = [
8+ " nuclei" ,
9+ " cnvd" ,
10+ " exploitdb" ,
11+ ]
12+ title = " 蓝凌OA custom.jsp 任意文件读取与SSRF漏洞"
13+ updated = " 2021-04-15"
14+
15+ [exploit ]
16+ exp_urls = []
17+ poc_urls = []
18+
19+ [id ]
20+ aliases = [
21+ " CNVD-2021-28277" ,
22+ " NUCLEI-HTTP-CNVD-2021-CNVD-2021-28277-YAML" ,
23+ ]
24+ ave_id = " AVE-2021-0009"
25+
26+ [meta ]
27+ collected_at = " 2026-07-14T19:44:34.472673649+00:00"
28+ status = " completed"
29+
30+ [references ]
31+ urls = [" https://github.com/CLincat/vulcat/blob/main/payloads/Landray/landray-oa-cnvd-2021-28277-ssrf-fileread.py" ]
You can’t perform that action at this time.
0 commit comments