漏洞
zenglingmin8
这个作者很懒,什么都没留下…
展开
-
Session Cookies Not Marked as Secure
漏洞扫描结果:Session Cookies Not Marked as Secure详细描述信息:Session cookies for the application are not set secure and may be sent in clear text when a user surfs to non-HTTPS links within the application. It may be possible for an attacker to steal sensitive use原创 2021-05-28 23:56:09 · 877 阅读 · 0 评论 -
Weak SSL Version、SSL Weak Cipher Suites Supported
漏洞扫描结果:Severity:MediumVulnerability:Weak SSL Version (SSLv2, SSL v3, TLS v1.0 and TLS v1.1)、SSL Weak Cipher Suites Supported这个漏洞的原因就是ssl版本太低。检查了自己架构之后,发现问题出在nginx上,于是对nginx的ssl版本进行调整。针对不同版本的nginx的ssl配置,参考:https://ssl-config.mozilla.org/#server=nginx&a原创 2021-05-28 23:36:37 · 1879 阅读 · 0 评论 -
Upload Function Can be Used to Upload Malicious Files
漏洞扫描结果:Severity:HighUpload Function Can be Used to Upload Malicious Files解决方法:禁止可疑的上传文件格式和危险的请求方式,location添加一些适当的策略server { listen 8888; server_name xxxx.xxxx.com; #charset koi8-r; #access_log logs/host.access原创 2021-05-28 19:06:37 · 188 阅读 · 0 评论