Skip to main content

8. What common middleware vulnerabilities are you aware of?

  • IIS: PUT vulnerability, short file name guessing, remote code execution, parsing vulnerabilities.
  • Apache: Parsing vulnerabilities, directory traversal.
  • Nginx: File parsing vulnerabilities, directory traversal, CRLF injection, path traversal.
  • Tomcat: Remote code execution, deployment of WAR backdoor files.
  • JBoss: Deserialisation vulnerabilities, deployment of WAR backdoor files.
  • WebLogic: Deserialisation vulnerabilities, SSRF, arbitrary file upload, deployment of WAR backdoor files.