{"id":26369,"date":"2023-07-19T18:12:39","date_gmt":"2023-07-19T10:12:39","guid":{"rendered":"https:\/\/www.juejinka.com\/?p=26369"},"modified":"2023-07-19T18:12:39","modified_gmt":"2023-07-19T10:12:39","slug":"%e9%bb%91%e5%ae%a2%e6%94%bb%e9%99%b7adobe-coldfusion%e4%b8%8ecitrix-netscaler%e7%9a%84%e9%9b%b6%e6%97%b6%e5%b7%ae%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/www.juejinka.com\/y\/26369.html","title":{"rendered":"Hackers Exploit Zero-Day Vulnerabilities in Adobe ColdFusion and Citrix NetScaler"},"content":{"rendered":"\n<p>Rapid7 warned this week that hackers have exploited zero-day vulnerabilities in Adobe ColdFusion and Citrix NetScaler, and urged users to be on heightened alert.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"960\" height=\"420\" src=\"https:\/\/www.juejinka.com\/news\/wp-content\/uploads\/2023\/07\/2023071910123046.png\" alt=\"\" class=\"wp-image-26370\"\/><\/figure>\n\n\n\n<p>Citrix patched three security vulnerabilities in NetScaler ADC and NetScaler Gateway appliances this Tuesday (7\/18): the cross-site scripting vulnerability CVE-2023-3466, the privilege escalation vulnerability CVE-2023-3467, and the unauthenticated remote code execution vulnerability CVE-2023-3519. CVE-2023-3519 carries a CVSS risk score as high as 9.8 and has already been exploited by hackers.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" class=\"alignnone size-full wp-image-26372\" src=\"https:\/\/www.juejinka.com\/news\/wp-content\/uploads\/2023\/07\/0719-citrix-patch-cyber-bulletin-600-1.png\" width=\"1280\" height=\"652\" alt=\"\" \/><\/figure>\n\n\n\n<p>In addition, version 12.1 of NetScaler ADC and NetScaler Gateway, which has reached end of life, is also affected, prompting Citrix to urge users to upgrade their appliances to fix the vulnerabilities.<\/p>\n\n\n\n<p>Rapid7 noted that any appliance configured as a Gateway or AAA virtual server is affected by CVE-2023-3519, and that it will become a popular target for hackers of all skill levels. Attack activity is expected to increase rapidly, and users are strongly advised to update on an emergency basis.<\/p>\n\n\n\n<p>Adobe's situation is comparatively complicated. On July 11 this year, Adobe released security updates for ColdFusion, its rapid application development platform, fixing the access control vulnerability CVE-2023-29298 (CVSS 7.5), the deserialization vulnerability CVE-2023-29300 (CVSS 9.8), which can lead to code execution, and CVE-2023-29301 (CVSS 5.9), another vulnerability that allows a security feature to be bypassed. Project Discovery published details of CVE-2023-29300 and a proof-of-concept exploit the very next day.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" class=\"alignnone size-full wp-image-26377\" src=\"https:\/\/www.juejinka.com\/news\/wp-content\/uploads\/2023\/07\/0719-Adobe-fixes-ColdFusion-July-11-600.png\" width=\"775\" height=\"614\" alt=\"\" \/><\/figure>\n\n\n\n<p>However, on July 13 this year, Rapid7 observed attacks against Adobe ColdFusion in some customer environments. The hackers chained CVE-2023-29298, which Adobe patched on July 11, with another unidentified vulnerability, and Rapid7 found that the attack behavior against that unidentified vulnerability matched Project Discovery's description.<\/p>\n\n\n\n<p>The hackers were able to succeed for two reasons. First, Adobe's fix for CVE-2023-29298 was incomplete, so hackers needed only to slightly modify the exploit to compromise the latest version of ColdFusion.<\/p>\n\n\n\n<p>The second reason concerns the second vulnerability. Rapid7 believes that, while explaining CVE-2023-29300, Project Discovery inadvertently disclosed a new zero-day vulnerability, CVE-2023-38203. Like CVE-2023-29300, it is a deserialization vulnerability that allows arbitrary code execution, and its CVSS risk score is also as high as 9.8. Adobe patched CVE-2023-38203 on July 14.<\/p>\n\n\n\n<p>Adobe is currently reworking the fix for CVE-2023-29298. Rapid7 says that the attacks seen so far all rely on CVE-2023-38203 to execute code on the victim system, so ColdFusion users who have deployed the CVE-2023-38203 patch should be able to prevent hackers from chaining these two vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rapid7 warned this week that hackers have exploited zero-day vulnerabilities in Adobe ColdFusion and Citrix NetScaler, and urged users to be on heightened alert. Citrix, this Tuesday (7\/18),&#8230;<\/p>\n","protected":false},"author":7,"featured_media":26372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"special":[],"_links":{"self":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/26369"}],"collection":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/comments?post=26369"}],"version-history":[{"count":1,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/26369\/revisions"}],"predecessor-version":[{"id":26378,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/posts\/26369\/revisions\/26378"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/media\/26372"}],"wp:attachment":[{"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/media?parent=26369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/categories?post=26369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/tags?post=26369"},{"taxonomy":"special","embeddable":true,"href":"https:\/\/www.juejinka.com\/news\/wp-json\/wp\/v2\/special?post=26369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}