Visualware MyConnection Server doPostUploadfiles 目录遍历远程代码执行漏洞

该 RCE 漏洞允许攻击者在 MyConnection Server 上执行任意代码，从而获得对系统的完全控制权。攻击者可以窃取敏感数据，例如用户凭据、财务信息和知识产权。此外，攻击者还可以利用该漏洞进行横向移动，攻击网络中的其他系统。由于身份验证机制可以被绕过，因此该漏洞的潜在影响范围非常广泛，可能导致严重的业务中断和数据泄露。该漏洞的利用方式类似于其他目录遍历漏洞，攻击者可以通过精心构造的请求来访问服务器上的任意文件。

Organizations utilizing MyConnection Server for document management or collaboration are at risk. Specifically, deployments with weak authentication policies or those that allow unrestricted file uploads are particularly vulnerable. Shared hosting environments where multiple users share the same server instance are also at increased risk, as a compromise of one user could potentially lead to a compromise of the entire server.

• windows / server: Monitor event logs for unusual process creation events, particularly those involving file uploads or execution. Use Sysinternals Process Monitor to track file access patterns related to the MyConnection Server process. • linux / server: Use auditd to monitor file access and modification events related to the MyConnection Server installation directory. Filter journalctl for errors or warnings related to file uploads. • generic web: Monitor access logs for requests containing suspicious file extensions or unusual characters in the file path. Use curl to test file upload endpoints with various payloads to identify potential vulnerabilities. • database (mysql, redis, mongodb, postgresql): N/A - This vulnerability does not directly impact database systems. • other: Review Visualware's security advisories and documentation for specific detection signatures or recommendations.

1. 2024-05-03Disclosure

   disclosure

1. 已保留2023-09-06
2. 发布日期2024-05-03
3. 修改日期2024-08-02
4. EPSS 更新日期2026-04-02

目前，Visualware 尚未发布官方补丁。作为临时缓解措施，建议禁用 MyConnection Server 的文件上传功能，或者限制上传文件的目录。此外，可以考虑使用 Web 应用防火墙 (WAF) 来过滤恶意请求，并监控服务器上的日志文件，以检测可疑活动。如果无法立即升级，请确保对服务器进行严格的访问控制，并定期备份数据。升级后，请验证修复是否有效，确认文件上传功能已恢复正常，且不再存在目录遍历漏洞。