RidgeBot new release: plugin library with Spring4Shell 3.9.4
Ridge Security announces the new release 3.9.4, which ships with a new plugin library 3.31.X – 3.33.x.
The release adds 22 new plugins that further improve RidgeBot's ability to detect and exploit vulnerabilities, including the one related to Spring4Shell. They are listed below:
New Plugins
New Application Scan Plugins | New Exploit Plugins |
---|---|
Zabbix SAML SSO Authentication Bypass (CVE-2022-23131) | Mojarra JSF ViewState Deserialization Exploit |
Apache APISIX Remote Command Execution (CVE-2022-24112) | Spring Cloud Gateway Remote Code Execution Exploit (CVE-2022-22947) |
Spring Cloud Gateway Remote Code Execution (CVE-2022-22947) | Apache APISIX Remote Command Execution Exploit (CVE-2022-24112) |
Mojarra JSF ViewState Deserialization | Apache Solr Remote Code Execution Exploit (CVE-2020-13957) |
Apache Solr Remote Code Execution (CVE-2020-13957) | Apache Unomi Remote Code Execution Exploit (CVE-2020-13942) |
Nexus Repository Manager 2.x Remote Command Execution (CVE-2019-5475) | Apache Solr 'DataImportHandler' Remote Code Execution Exploit (CVE-2019-0193) |
Nexus Weak Password | Apache Flink Upload Path Traversal Exploit (CVE-2020-17518); Nexus Repository Manager 2.x Remote Command Execution Exploit (CVE-2019-5475) |
Spring Framework Remote Code Execution (CVE-2022-22965) | XStream Remote Command Execution Exploit (CVE-2020-26217) |
XStream Remote Command Execution (CVE-2020-26217) | Spring Framework Remote Code Execution Exploit (CVE-2022-22965) |
Spring Cloud Function SpEL RCE | Spring Cloud Function SpEL RCE Exploit; SMB Directory Read |