Apache Shiro Deserialization Vulnerability (CVE-2016-4437) is not detected by the scan #44

Closed
TardC opened this issue Apr 21, 2020 · 3 comments

Comments

@TardC

TardC commented Apr 21, 2020

No description provided.

@LubyRuffy

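The detection in previous versions worked by invoking yso externally, using curl or other command-line calls, so if the target prohibits outbound connections or prohibits calling system commands, the vulnerability may be missed. In the new version that is about to be released, this will be solved directly through raw Java deserialization.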

@gobysec
Owner

gobysec commented May 22, 2020

The backend engine will resolve this in 1.17.158.

@gobysec gobysec closed this as completed May 22, 2020
@TardC
Author

TardC commented May 22, 2020

Looking forward to the new version, Thanks :-).
