Lucene search
RootSSV:60974HistoryAug 27, 2013 - 12:00 a.m.
Apache OFBiz嵌套表达式任意UEL执行漏洞
2013-08-2700:00:00
Root
www.seebug.org
13
0.007 Low
EPSS
Percentile
77.4%
Bugtraq ID:61369
CVE ID:CVE-2013-2250
Apache OFBiz是一款开源的ERP系统
Apache OFBiz没有正确校验参数值,如果提供的参数包含JUEL元字符,可导致执行任意统一表达式语言(UEL)函数
0
Apache OFBiz 10.04.01 - 10.04.05
Apache OFBiz 11.04.01 - 11.04.02
Apache OFBiz 12.04.01
厂商解决方案
Apache OFBiz 10.04.06, 11.04.03或12.04.02已经修复此漏洞,建议用户下载更新:
http://ofbiz.apache.org/
Related
prion
prion
Open redirect
2013-08-15 16:55:00
nessus
nessus
Apache OFBiz Nested Expression Arbitrary UEL Function Execution
2013-07-29 00:00:00
cve
cve
CVE-2013-2250
2013-08-15 16:55:00
securityvulns
securityvulns