CVE on PolloChang 工作筆記 http://pollochang.work/tags/cve/ Recent content in CVE on PolloChang 工作筆記 Hugo -- gohugo.io zh-TW © 2026 PolloChang Mon, 30 Jun 2025 23:20:15 +0800 修補 CVE-2025-26465 http://pollochang.work/worknot/fix-cve-2025-26465/ Mon, 30 Jun 2025 23:20:15 +0800 http://pollochang.work/worknot/fix-cve-2025-26465/ <p>修補 CVE-2025-26465 方式</p> <h1 class="relative group">CVE-2025-26465 <div id="cve-2025-26465" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#cve-2025-26465" aria-label="定位點">#</a> </span> </h1> <p>OpenSSH 是一套基於 SSH 協定的安全網路實用程式,這對於透過不安全網路進行通訊至關重要,可提供強大的加密功能以確保隱私與安全檔案傳輸,使其成為遠端伺服器管理和安全資料通訊的重要工具。OpenSSH以其廣泛的安全性和身分驗證功能而聞名,支援各種加密技術,並且是多個類 Unix 系統(包括 macOS 和 Linux)的標準配置。OpenSSH 官方於 2025 年 2 月 18 日發布新版本 9.9p2,修補以下兩個漏洞:</p> 修補 CVE-2023-41080 http://pollochang.work/worknot/fix-cve-2023-41080/ Wed, 13 Nov 2024 00:08:28 +0800 http://pollochang.work/worknot/fix-cve-2023-41080/ <ul> <li>URL: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080" target="_blank" rel="noreferrer">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080</a></li> </ul> <h2 class="relative group">contentDescription <div id="contentdescription" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#contentdescription" aria-label="定位點">#</a> </span> </h2> <div class="highlight-wrapper"><div class="highlight"><div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1 </span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>URL Redirection to Untrusted Site (&#39;Open Redirect&#39;) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.</span></span></code></pre></td></tr></table> </div> </div></div> <h2 class="relative group">處理方式 <div id="處理方式" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e8%99%95%e7%90%86%e6%96%b9%e5%bc%8f" aria-label="定位點">#</a> </span> </h2> <ul> <li>調查tomcat version</li> </ul> <div class="highlight-wrapper"><div class="highlight"><div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1 </span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-text" data-lang="text"><span style="display:flex;"><span>sudo ls -l /home/tomcat/apache-tomcat*</span></span></code></pre></td></tr></table> </div> </div></div> <ul> <li>升級 tomcat</li> </ul> 修補 CVE-2023-48795 http://pollochang.work/worknot/fix-cve-2023-48795/ Thu, 06 Jun 2024 23:20:15 +0800 http://pollochang.work/worknot/fix-cve-2023-48795/ <p>修補 CVE-2023-48795 方式</p> <h2 class="relative group">系統環境 <div id="系統環境" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e7%b3%bb%e7%b5%b1%e7%92%b0%e5%a2%83" aria-label="定位點">#</a> </span> </h2> <ul> <li>OS: Rocky Linux 8</li> </ul> <h2 class="relative group">檢測方式 <div id="檢測方式" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e6%aa%a2%e6%b8%ac%e6%96%b9%e5%bc%8f" aria-label="定位點">#</a> </span> </h2> <p>使用有風險的加密方式登入,無法登入則驗證通過</p>