forgerok openam 代码执行 (CVE-2021-35464)
| ID: | 16748 |
|---|---|
| 标题: | forgerok openam 代码执行 (CVE-2021-35464) |
| 描述: | forgerok openam 代码执行 (CVE-2021-35464) vulfocus/forgerok_openam-cve_2021_35464:latest ForgeRock AM使用的Jato框架中不安全的Java反序列化,导致攻击者可以通过构造恶意请求触发反序列化实现任意代码执行,控制运行ForgeRock AM服务器。 |
| 类型: | WEB |
| 网站: | vulfocus |
| 题目链接: | https://vulfocus.cn |
| 赛事: | None |
| 年度: | None |
| Flag值: | rO0ABXNyACNjb20uc3VuLnN5bmRpY2F0aW9uLmZlZWQuaW1wbC5JdGVtIQAAAAAAAAABAgADTAAHY29udGVudHQAJUxjb20vc3VuL3N5bmRpY2F0aW9uL2ZlZWQvaW1wbC9Db250ZW50O0wACmNyZWF0ZWRJZHQAEkxqYXZhL2xhbmcvU3RyaW5nO0wACHVwZGF0ZWRJZHEAfgACeHBzcgAjY29tLnN1bi5zeW5kaWNhdGlvbi5mZWVkLmltcGwuQ29udGVudAAAAAAAAAABAgAAeHIAHWNvbS5zdW4uc3luZGljYXRpb24uZmVlZC5XaXJlAQAAADhZJQqMAgACTAAKY2hhcnNldE5hbWVxAH4AAkwACmNvbnRlbnRUeXBlcQB+AAJMAAV2YWx1ZXEAfgACeHB0AAd1dGYtOHQAJWFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZHQAAHN3ZWNvbWUgdG8gdm9sZnVybDAxMjN0AAB1 |
| writeup: |
citation:2][citation:15] https://forum.butian.net/index.php/share/676 |