Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RCE from attacker with configuration edit priviledges through JNDI lookup
Vulnerability Description
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Quality Open Software Logback 代码问题漏洞
Vulnerability Description
Quality Open Software Logback是瑞士Quality Open Software公司的一个 Java 应用程序的日志记录框架。 Quality Open Software logback 1.2.7及之前版本存在代码问题漏洞,攻击者可利用该漏洞精心设计恶意配置,从而允许执行从LDAP服务器加载的任意代码。
CVSS Information
N/A
Vulnerability Type
N/A