Weblogic CVE-2019-2647等相关XXE漏洞分析 – 绿盟科技技术博客
Tags
attack-pattern: Data
Show in Graph
Common Information
Type Value
UUID aac0cee1-5843-442e-a9c2-e1f76ca73bc6
Fingerprint cca95bfcba0816fe
Analysis status DONE
Considered CTI value 0
Text language
Published April 19, 2019, 7:04 p.m.
Added to db Jan. 18, 2023, 7:36 p.m.
Last updated Nov. 17, 2024, 12:55 p.m.
Headline Weblogic CVE-2019-2647等相关XXE漏洞分析
Title Weblogic CVE-2019-2647等相关XXE漏洞分析 – 绿盟科技技术博客
Detected Hints/Tags/Attributes 9/1/18
Source URLs
Redirection Url
Details Source http://blog.nsfocus.net/cve-2019-2647/
URL Provider
Details Provider Source level domain
Details nsfocus.net blog.nsfocus.net
Attributes
Details Type #Events CTI Value
Details Domain 2 
xml.org
Details Domain 12 
apache.org
Details Domain 6 
is.read
Details Domain 2 
xxlegend.com
Details File 3 
cpuapr2019-5072813.html
Details File 1 
有一个新增的文件wsatstreamhelper.java
Details File 1 
这个文件新加到了foreignrecoverycontext.java
Details File 1 
和wsatxaresource.java
Details File 1 
this.ep
Details File 1 
最典型的就是为什么拿foreignrecoverycontext.java
Details File 1 
有些问题不好一时解决所以就转到foreignrecoverycontext.java
Details File 8 
test.xml
Details Url 1 
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#appendixfmw
Details Url 1 
http://xml.org/sax/features/external-general-entities
Details Url 1 
http://xml.org/sax/features/external-parameter-entities
Details Url 1 
http://xml.org/sax/features/validation
Details Url 1 
http://apache.org/xml/features/nonvalidating/load-external-dtd
Details Url 1 
http://xxlegend.com/weblogic