com.aliyun.sdk.service.sas20181203.models

类 DescribeVulDetailsResponseBody.Cves.Builder

java.lang.Object

com.aliyun.sdk.service.sas20181203.models.DescribeVulDetailsResponseBody.Cves.Builder

封闭类:

DescribeVulDetailsResponseBody.Cves

public static final class DescribeVulDetailsResponseBody.Cves.Builder
extends Object

方法概要

限定符和类型	方法和说明
DescribeVulDetailsResponseBody.Cves	build()
DescribeVulDetailsResponseBody.Cves.Builder	classify(String classify) The type of the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	classifys(List<DescribeVulDetailsResponseBody.Classifys> classifys) The vulnerability types.
DescribeVulDetailsResponseBody.Cves.Builder	cnvdId(String cnvdId) The China National Vulnerability Database (CNVD) ID.
DescribeVulDetailsResponseBody.Cves.Builder	complexity(String complexity) The difficulty level of exploiting the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	content(String content) The CVE content.
DescribeVulDetailsResponseBody.Cves.Builder	cveId(String cveId) The Common Vulnerabilities and Exposures (CVE) ID.
DescribeVulDetailsResponseBody.Cves.Builder	cveLink(String cveLink) The link to the CVE details.
DescribeVulDetailsResponseBody.Cves.Builder	cvssScore(String cvssScore) The Common Vulnerability Scoring System (CVSS) score of the vulnerability in the Alibaba Cloud vulnerability library.
DescribeVulDetailsResponseBody.Cves.Builder	cvssVector(String cvssVector) The vector that is used to calculate the CVSS score.
DescribeVulDetailsResponseBody.Cves.Builder	instanceName(String instanceName) The name of the instance.
DescribeVulDetailsResponseBody.Cves.Builder	internetIp(String internetIp) The public IP address of the server.
DescribeVulDetailsResponseBody.Cves.Builder	intranetIp(String intranetIp) The private IP address of the server.
DescribeVulDetailsResponseBody.Cves.Builder	otherId(String otherId) The ID of the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	poc(String poc) The POC content.
DescribeVulDetailsResponseBody.Cves.Builder	pocCreateTime(Long pocCreateTime) The UNIX timestamp when the proof of concept (POC) was created.
DescribeVulDetailsResponseBody.Cves.Builder	pocDisclosureTime(Long pocDisclosureTime) The UNIX timestamp when the POC was disclosed.
DescribeVulDetailsResponseBody.Cves.Builder	product(String product) The service that is affected by the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	reference(String reference) The reference of the vulnerability in the Alibaba Cloud vulnerability library.
DescribeVulDetailsResponseBody.Cves.Builder	releaseTime(Long releaseTime) The disclosure time that is displayed for the vulnerability in the Alibaba Cloud vulnerability library.
DescribeVulDetailsResponseBody.Cves.Builder	solution(String solution) The fixing suggestions of the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	summary(String summary) The introduction to the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	targetId(String targetId) The ID of the asset that is scanned.
DescribeVulDetailsResponseBody.Cves.Builder	targetName(String targetName) The name of the asset that is scanned.
DescribeVulDetailsResponseBody.Cves.Builder	title(String title) The title of the vulnerability announcement.
DescribeVulDetailsResponseBody.Cves.Builder	vendor(String vendor) The vendor that disclosed the vulnerability.
DescribeVulDetailsResponseBody.Cves.Builder	vulLevel(String vulLevel) The severity of the vulnerability.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

方法详细资料

classify

public DescribeVulDetailsResponseBody.Cves.Builder classify(String classify)

The type of the vulnerability.

example:

remote_code_execution

classifys

public DescribeVulDetailsResponseBody.Cves.Builder classifys(List<DescribeVulDetailsResponseBody.Classifys> classifys)

The vulnerability types.

cnvdId

public DescribeVulDetailsResponseBody.Cves.Builder cnvdId(String cnvdId)

The China National Vulnerability Database (CNVD) ID.

example:

CNVD-2019-9167

complexity

public DescribeVulDetailsResponseBody.Cves.Builder complexity(String complexity)

The difficulty level of exploiting the vulnerability. Valid values:

• LOW
• MEDIUM
• HIGH

example:

LOW

content

public DescribeVulDetailsResponseBody.Cves.Builder content(String content)

The CVE content.

example:

Apache Shiro is a user authentication and authorization framework for a wide range of rights management applications.↵Recently, Apache Shiro released version 1.7.0, which fixes the Apache Shiro authentication bypass vulnerability (CVE-2020-17510).↵Attackers can bypass Shiro"s authentication using malicious requests containing payloads.↵↵Related bugs:↵CVE-2020-17510 Shiro < 1.7.0 Validation Bypass Vulnerability↵CVE-2020-13933 Shiro < 1.6.0 Validation Bypass Vulnerability↵CVE-2020-11989 Shiro < 1.5.3 Validation Bypass Vulnerability↵CVE-2020-1957 Shiro < 1.5.2 Validation Bypass Vulnerability↵CVE-2016-6802 Shiro < 1.3.2 Validation Bypass Vulnerability Check whether the fastjson version currently running on the system is in the affected version and whether safeMode is configured to disable autoType. If it is in the affected version and safeMode is not configured to disable autoType, the vulnerability is considered to exist.

cveId

public DescribeVulDetailsResponseBody.Cves.Builder cveId(String cveId)

The Common Vulnerabilities and Exposures (CVE) ID.

example:

CVE-2019-9167

cveLink

public DescribeVulDetailsResponseBody.Cves.Builder cveLink(String cveLink)

The link to the CVE details.

example:

https://avd.aliyun.com/detail/CVE-2022-1184

cvssScore

public DescribeVulDetailsResponseBody.Cves.Builder cvssScore(String cvssScore)

The Common Vulnerability Scoring System (CVSS) score of the vulnerability in the Alibaba Cloud vulnerability library.

example:

10.0

cvssVector

public DescribeVulDetailsResponseBody.Cves.Builder cvssVector(String cvssVector)

The vector that is used to calculate the CVSS score.

example:

AV:N/AC:L/Au:N/C:C/I:C/A:C

instanceName

public DescribeVulDetailsResponseBody.Cves.Builder instanceName(String instanceName)

The name of the instance.

This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

example:

sql-test-001

internetIp

public DescribeVulDetailsResponseBody.Cves.Builder internetIp(String internetIp)

The public IP address of the server.

This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

example:

47.114.XX.XX

intranetIp

public DescribeVulDetailsResponseBody.Cves.Builder intranetIp(String intranetIp)

The private IP address of the server.

This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

example:

172.19.XX.XX

otherId

public DescribeVulDetailsResponseBody.Cves.Builder otherId(String otherId)

The ID of the vulnerability.

example:

CVE-2020-8597

poc

public DescribeVulDetailsResponseBody.Cves.Builder poc(String poc)

The POC content.

pocCreateTime

public DescribeVulDetailsResponseBody.Cves.Builder pocCreateTime(Long pocCreateTime)

The UNIX timestamp when the proof of concept (POC) was created. Unit: milliseconds.

example:

1554189334000

pocDisclosureTime

public DescribeVulDetailsResponseBody.Cves.Builder pocDisclosureTime(Long pocDisclosureTime)

The UNIX timestamp when the POC was disclosed. Unit: milliseconds.

example:

1554189334000

product

public DescribeVulDetailsResponseBody.Cves.Builder product(String product)

The service that is affected by the vulnerability.

example:

Log4j2

reference

public DescribeVulDetailsResponseBody.Cves.Builder reference(String reference)

The reference of the vulnerability in the Alibaba Cloud vulnerability library. The value is a URL.

example:

https://example.com

releaseTime

public DescribeVulDetailsResponseBody.Cves.Builder releaseTime(Long releaseTime)

The disclosure time that is displayed for the vulnerability in the Alibaba Cloud vulnerability library. The value is a UNIX timestamp. Unit: milliseconds.

example:

1554189334000

solution

public DescribeVulDetailsResponseBody.Cves.Builder solution(String solution)

The fixing suggestions of the vulnerability.

example:

At present, Chanjet has urgently released a vulnerability patch to fix the vulnerability. CNVD recommends affected units and users to upgrade to the latest version immediately:

↵

https://www.chanjetvip.com/product/goods/goods-detail?id=53aaa40295d458e44f5d3ce5

↵

At the same time, organizations and users affected by the vulnerability are requested to immediately follow the steps below to conduct self-inspection and repair work:

↵

↵

1. User self-check steps:↵
   Check whether website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll, and tplus/Load.aspx files exist locally. If they exist, it means that they have been poisoned, and you must reinstall the system and install the product. patch.

   ↵
↵

2. Non-poisoned users please:↵
   1) Update the latest product patch.↵
   2) Install anti-virus software and update the virus database in time.↵
   3) Upgrade the lower version of IIS and Nginx to IIS10.0 and Windows 2016.↵
   4) Local installation customers need to confirm whether the backup file is complete as soon as possible, and do off-site backup. Customers on the cloud should enable the mirroring function in time.↵
   5) Users who fail to update the patch in time can contact Chanjet technical support and take temporary preventive measures such as deleting files.

   ↵
↵

3. Poisoned users please:↵
   1) Check whether the server has taken regular snapshots or backups. If so, you can restore data through snapshots or backups.↵
   2) Contact Chanjet technical support to confirm whether it has the conditions and operation methods to restore data from backup files.

   ↵
↵

↵

If you have any technical problems, please contact Chanjet technical support: 4006600566-9

summary

public DescribeVulDetailsResponseBody.Cves.Builder summary(String summary)

The introduction to the vulnerability.

example:

Chanjet T-Plus is an Internet business management software. There is an unauthorized access vulnerability in one of its interfaces disclosed on the Internet. Attackers can construct malicious requests to upload malicious files to execute arbitrary code and control the server.

targetId

public DescribeVulDetailsResponseBody.Cves.Builder targetId(String targetId)

The ID of the asset that is scanned.

This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

example:

m-bp17m0pc0xprzbwo****

targetName

public DescribeVulDetailsResponseBody.Cves.Builder targetName(String targetName)

The name of the asset that is scanned.

This parameter is deprecated. You can call the DescribeVulList operation to query the instance that is affected by the vulnerability.

example:

frontend

title

public DescribeVulDetailsResponseBody.Cves.Builder title(String title)

The title of the vulnerability announcement.

example:

Chanjet T-Plus SetupAccount/Upload. Aspx file upload vulnerability(CNVD-2022-60632)

vendor

public DescribeVulDetailsResponseBody.Cves.Builder vendor(String vendor)

The vendor that disclosed the vulnerability.

example:

Apache

vulLevel

public DescribeVulDetailsResponseBody.Cves.Builder vulLevel(String vulLevel)

The severity of the vulnerability. Valid values:

• serious
• high
• medium
• low

example:

serious

build

public DescribeVulDetailsResponseBody.Cves build()