![](https://img-blog.csdnimg.cn/20201014180756927.png?x-oss-process=image/resize,m_fixed,h_64,w_64)
漏洞
zenglingmin8
这个作者很懒,什么都没留下…
展开
-
Session Cookies Not Marked as Secure
漏洞扫描结果: Session Cookies Not Marked as Secure 详细描述信息: Session cookies for the application are not set secure and may be sent in clear text when a user surfs to non-HTTPS links within the application. It may be possible for an attacker to steal sensitive use原创 2021-05-28 23:56:09 · 929 阅读 · 0 评论 -
Weak SSL Version、SSL Weak Cipher Suites Supported
漏洞扫描结果: Severity:Medium Vulnerability:Weak SSL Version (SSLv2, SSL v3, TLS v1.0 and TLS v1.1)、SSL Weak Cipher Suites Supported 这个漏洞的原因就是ssl版本太低。 检查了自己架构之后,发现问题出在nginx上,于是对nginx的ssl版本进行调整。针对不同版本的nginx的ssl配置,参考: https://ssl-config.mozilla.org/#server=nginx&a原创 2021-05-28 23:36:37 · 1928 阅读 · 0 评论 -
Upload Function Can be Used to Upload Malicious Files
漏洞扫描结果: Severity:High Upload Function Can be Used to Upload Malicious Files 解决方法: 禁止可疑的上传文件格式和危险的请求方式,location添加一些适当的策略 server { listen 8888; server_name xxxx.xxxx.com; #charset koi8-r; #access_log logs/host.access原创 2021-05-28 19:06:37 · 198 阅读 · 0 评论