8. What common middleware vulnerabilities are you aware of?
- IIS: PUT vulnerability, short file name guessing, remote code execution, parsing vulnerabilities.
- Apache: Parsing vulnerabilities, directory traversal.
- Nginx: File parsing vulnerabilities, directory traversal, CRLF injection, path traversal.
- Tomcat: Remote code execution, deployment of WAR backdoor files.
- JBoss: Deserialisation vulnerabilities, deployment of WAR backdoor files.
- WebLogic: Deserialisation vulnerabilities, SSRF, arbitrary file upload, deployment of WAR backdoor files.