SoftNAS Cloud Éí·ÝÑéÖ¤Èƹý·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-03-21

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºÔÝÎÞ£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬ CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°ÏìÁìÓò


ÊÜÓ°Ïì°æ±¾£º 

SoftNAS Cloud 4.2.0ºÍ4.2.1


·ì϶¸ÅÊö


SoftNAS Cloud£¨R£©Êý¾Ý´æ´¢Æ½Ì¨Öз¢ÏÖ·ì϶¡£NGINXĬÈÏÅäÖÃÎļþÓµÓв鳭ÒÔÑéÖ¤Óû§cookieµÄ״̬¡£ÈôÊÇδÉèÖã¬Ôò½«Óû§³Á¶¨Ïòµ½µÇ¼ҳÃæ¡ £¿ÉÒÔΪ´ËcookieÌṩËÁÒâÖµ£¬ÒÔ±ãÔÚûÓÐÓÐЧÓû§Í´´¦µÄÇé¿öϽӼûWeb½çÃæ¡£ÈôÊÇ¿Í»§Î´×ñÑ­SoftNAS²¿Êð×î¼Ñʵ¼Ê²¢½«SoftNAS StorageCenter£¨R£©¶Ë¿ÚÖ±½Ó¶³ö¸øInternet£¬Ôò´Ë·ì϶ÔÊÐí¹¥»÷Õß½Ó¼ûWebadmin½çÃæÒÔ´´½¨ÐÂÓû§»òʹÓÃÖÎÀíȨÏÞÖ´ÐÐËÁÒâºÅÁ´Ó¶øΣ¼°Æ½Ì¨ºÍÊý¾Ý¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼½â¾öÉÏÊö·ì϶µÄ²¹¶¡£¬Çë¸üÐÂÖÁ4.2.2°æ±¾¡£


²Î¿¼Á´½Ó


https://www.csoonline.com/article/3375199/softnas-cloud-0day-found-upgrade-asap.html#tk.rss_all

https://www.digitaldefense.com/blog/2019-softnas-cloud-zero-day-blog/