Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal
Vulnerability Description
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WhiteHSBG JNDIExploit 路径遍历漏洞
Vulnerability Description
WhiteHSBG JNDIExploit是一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。 WhiteHSBG JNDIExploit 1.4版本存在路径遍历漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
CVSS Information
N/A
Vulnerability Type
N/A