{"id":11071,"date":"2015-01-26T14:00:28","date_gmt":"2015-01-26T06:00:28","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=11071"},"modified":"2015-01-27T16:12:44","modified_gmt":"2015-01-27T08:12:44","slug":"%e5%be%9e-2014-%e5%b9%b4%e6%bc%8f%e6%b4%9e%e5%ad%b8%e5%88%b0%e4%bb%80%e9%ba%bc","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=11071","title":{"rendered":"\u5f9e 2014 \u5e74\u6f0f\u6d1e,\u5b78\u5230\u4ec0\u9ebc?"},"content":{"rendered":"<p>\u96a8\u8457\u65b0\u5e74\u6176\u795d\u6d3b\u52d5\u5b89\u5168\u5730\u904e\u53bb\uff0c\u662f\u6642\u5019\u5411\u524d\u770b\uff0c\u4e26\u958b\u59cb\u898f\u52832015\u4e86\u3002\u4f46\u5728\u9019\u6a23\u505a\u4e4b\u524d\uff0c\u8b93\u6211\u5011\u82b1\u4e0a\u5e7e\u5206\u9418\u8a18\u4f4f2014\u5e74\u7684\u6f0f\u6d1e\uff0c\u53ca\u6211\u5011\u53ef\u4ee5\u5f9e\u4e2d\u5b78\u5230\u4ec0\u9ebc\u3002<\/p>\n<p>\u6bcf\u5e74\u90fd\u6703\u51fa\u73fe\u5e7e\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e\u548c\u5927\u91cf\u4f86\u81ea\u8edf\u9ad4\u5ee0\u5546\u7684\u6f0f\u6d1e\u4fee\u5fa9\u7a0b\u5f0f\u3002\u4eca\u5e74\u6709\u4e9b\u4e0d\u540c\uff1a<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>\u6bcf\u5e74\u6240\u62ab\u9732\u7684\u5b89\u5168\u6027\u6f0f\u6d1e\u7e3d\u6578\u8fd11\u842c\u500b\u3002\u6b63\u56e0\u70ba\u5982\u6b64\uff0cCVE\u8cc7\u6599\u5eab\u7684\u7dad\u8b77\u8005\u5ba3\u4f48\u5c07<a href=\"https:\/\/cve.mitre.org\/cve\/identifiers\/syntaxchange.html\">\u4fee\u6539CVE\u8a9e\u6cd5<\/a>\uff0c\u5b83\u73fe\u5728\u5141\u8a31\u6bcf\u5e74\u53ef\u5206\u914d\u7684\u6f0f\u6d1e\u8b58\u5225\u78bc\u9054\u52301000\u842c\u500b\u3002<\/li>\n<li>\u91cd\u5927\u7684\u300c\u547d\u540d\u300d\u6f0f\u6d1e\u50cf\u662f<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=7889\">Heartbleed\u5fc3\u6dcc\u8840\u6f0f\u6d1e<\/a>\u3001<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=10355\">Shellshock<\/a>\u3001<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/poodle-vulnerability-puts-online-transactions-at-risk\/\">Poodle<\/a>\u548cWinShock\u88ab\u62ab\u9732\uff0c\u4e26\u5728\u5b89\u5168\u7522\u696d\u5167\u5ee3\u70ba\u4eba\u77e5\u3002\u9019\u4e9b\u6f0f\u6d1e\u56e0\u70ba\u5176\u56b4\u91cd\u7684\u5f71\u97ff\u3001\u5ee3\u6cdb\u7684\u653b\u64ca\u9762\u53ca\u4fee\u88dc\u7684\u56f0\u96e3\u800c\u503c\u5f97\u6ce8\u610f\u3002<\/li>\n<li>\u653e\u5927\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\uff08DDoS\uff09\u653b\u64ca\u589e\u52a0\u3002\u9019\u4e9b\u653b\u64ca\u88ab\u7528\u4f86\u7522\u751f\u5927\u898f\u6a21\u7db2\u8def\u6d41\u91cf\u4ee5\u963b\u65b7\u670d\u52d9\u3002\u5b83\u5229\u7528\u7db2\u8def\u901a\u8a0a\u5354\u5b9a\u7684\u6f0f\u6d1e\u4f86\u300c\u5f15\u51fa\u300d\u5927\u91cf\u56de\u61c9\u5c01\u5305\uff0c\u5c07\u5176\u300c\u91cd\u65b0\u5c0e\u5411\u300d\u5230\u53d7\u5bb3\u8005\uff0c\u5c0e\u81f4\u5c0d\u5176\u7684\u963b\u65b7\u670d\u52d9\u653b\u64ca\u3002<\/li>\n<li>\u4e00\u4e9b\u597d\u6d88\u606f \u2014 2014\u5e74<a href=\"https:\/\/java-0day.com\/\">\u6c92\u6709JAVA\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\uff01\u7136\u800c\uff0c\u9019\u4e26\u4e0d\u4ee3\u8868JAVA\u6f0f\u6d1e\u4e0d\u6703\u906d\u53d7\u653b\u64ca\u3002\u5b83\u5011\u9084\u662f\u6703\u88ab\u6f0f\u6d1e\u653b\u64ca\u5305\u52a0\u4ee5\u5229\u7528\u3002\u6240\u4ee5\u4ecd\u5728\u4f7f\u7528\u820a\u7248\u672cJAVA\u7684\u4f7f\u7528\u8005\u61c9\u8a72\u8981\u52a0\u4ee5\u5347\u7d1a\u3002<\/li>\n<li>\u5c0d\u65bcAdobe\u7522\u54c1\u4f86\u8aaa\u5c31\u6bd4\u8f03\u8907\u96dc\u3002\u6574\u9ad4\u4f86\u8aaa\uff0cAdobe\u7522\u54c1\u7684\u5b89\u5168\u6027\u6f0f\u6d1e\u6578\u91cf\u5f9e2013\u5e74\u958b\u59cb\u4e0b\u964d\u3002\u7136\u800c\uff0c<a href=\"https:\/\/www.cvedetails.com\/product\/6761\/Adobe-Flash-Player.html?vendor_id=53\">Adobe Flash\u7684\u5b89\u5168\u6027\u6f0f\u6d1e<\/a>\u6578\u91cf\u5f9e56\u500b\u4e0a\u5347\u523076\u500b\u3002Acrobat\/Reader\u6f0f\u6d1e\u4e0b\u8dcc\u4e86\u5e7e\u4e4e30%\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2015\/01\/vulnerabilities.png\" alt=\"\" width=\"576\" height=\"535\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001Flash Player<\/em><em>\u548cAcrobat\/Reader<\/em><em>\u7684\u5b89\u5168\u6027\u6f0f\u6d1e\u6578\u91cf<\/em><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>\u6709\u8a31\u591aOpenSSL\u7684\u6f0f\u6d1e\u88ab\u767c\u73fe\uff0c\u4e0d\u53ea\u662fHeartbleed\u3002\u5728 2014 \u5e74\uff0c<a href=\"https:\/\/www.cvedetails.com\/vendor\/217\/Openssl.html\">\u670924\u500b \u6f0f\u6d1e\u88ab\u767c\u73fe<\/a> \u2014 \u662f\u4e4b\u524d\u4e09\u5e74\u7684\u7e3d\u548c\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u4e86\u89e3\u4e0a\u8ff0\u4e8b\u5be6\u5f8c\uff0c\u6211\u5011\u8a72\u5f9e\u4e2d\u5b78\u5230\u4ec0\u9ebc\uff1f<\/p>\n<ul>\n<li>\u5373\u4f7f\u662f\u820a\u61c9\u7528\u7a0b\u5f0f\u4ecd\u7136\u53ef\u4ee5\u88ab\u767c\u73fe\u6f0f\u6d1e\uff0c\u6b63\u5982\u6211\u5011\u6240\u770b\u5230\u7684Heartbleed\u548cShellshock\u3002<\/li>\n<li>\u958b\u653e\u539f\u59cb\u78bc\u8edf\u9ad4\u64da\u8aaa\u5728\u672c\u8cea\u4e0a\u8f03\u5b89\u5168\uff0c\u56e0\u70ba\u5b83\u6703\u88ab\u591a\u4eba\u6aa2\u8996\uff08\u4e5f\u56e0\u6b64\u6709\u66f4\u591a\u6a5f\u6703\u767c\u73fe\u5b89\u5168\u6027\u6f0f\u6d1e\uff09\u3002\u7136\u800c\u5f9eOpenSSL\u548cBash\u7684\u4f8b\u5b50\u53ef\u4ee5\u5f97\u77e5\u4e26\u4e0d\u4e00\u5b9a\u5982\u6b64\u3002<\/li>\n<li>CVSS\u5206\u6578\u4e26\u4e0d\u80fd\u5b8c\u5168\u7684\u8868\u73fe\u51fa\u5b89\u5168\u6027\u6f0f\u6d1e\u7684\u56b4\u91cd\u6027\u3002\u7562\u7adfHeartbleed\u53ea\u62ff\u5230\u4e86CVSS 5.0\u7684\u5206\u6578\uff01\u6839\u64da\u4f60\u7d44\u7e54\u7684\u60c5\u6cc1\u548c\u61c9\u7528\u7a0b\u5f0f\u4f86\u8a55\u4f30\u6f0f\u6d1e\u7684\u5f71\u97ff\u3002\u7528\u4f86\u52a0\u6b0a\uff08CVSS\uff09\u5206\u6578\uff01<\/li>\n<li>\u76e1\u5feb\u5730\u5347\u7d1a\u7248\u672c\u3002\u53ea\u8981\u60c5\u6cc1\u5141\u8a31\u5c31\u76e1\u5feb\u66f4\u65b0\u4fee\u88dc\u7a0b\u5f0f\u3002<\/li>\n<li>\u4e0d\u65b7\u6aa2\u8996\u4f60\u7684\u5b89\u5168\u72c0\u614b\u548c\u76f8\u61c9\u5730\u898f\u5283\u4f60\u5728\u8cc7\u8a0a\u5b89\u5168\u5de5\u5177\u548c\u505a\u6cd5\u4e0a\u7684\u6295\u8cc7\u3002\u54e1\u5de5\u6559\u80b2\u662f\u78ba\u4fdd\u516c\u53f8\u8cc7\u8a0a\u5b89\u5168\u7684\u95dc\u9375\u4e00\u74b0\u3002\u540c\u6642\uff0c\u4e5f\u78ba\u4fdd\u4f60\u5145\u5206\u5730\u5229\u7528\u4e86\u5b89\u5168\u89e3\u6c7a\u65b9\u6848 \u2014 \u4f8b\u5982\u9032\u884c\u6b63\u78ba\u7684\u8a2d\u5b9a\uff0c\u6839\u64da\u9700\u6c42\u4f86\u52a0\u4ee5\u8abf\u6574\u7b49\u3002<\/li>\n<li>\u5be6\u65bd\u6700\u4f4e\u6b0a\u9650\u5b58\u53d6\u653f\u7b56\u3002\u4eca\u65e5\u6709\u8a31\u591a\u6f0f\u6d1e\u653b\u64ca\u90fd\u53ef\u4ee5\u53d6\u5f97\u767b\u5165\u4f7f\u7528\u8005\u7684\u6b0a\u9650\uff1b\u6700\u4f4e\u6b0a\u9650\u5b58\u53d6\u653f\u7b56\u5c07\u6709\u52a9\u65bc\u6e1b\u8f15\u9019\u4e9b\u653b\u64ca\u6240\u9020\u6210\u7684\u640d\u5bb3\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>2014 \u5e74\u9084\u6709\u4e00\u4e9b\u5176\u4ed6\u4e26\u975e\u51fa\u4e4e\u9810\u6599\u7684\u4e8b\u4ef6\uff0c\u4f46\u4ecd\u76f8\u7576\u503c\u5f97\u6ce8\u610f\u3002<\/p>\n<p><!--more--><\/p>\n<ul>\n<li>\u6709\u516b\u500bIE\u700f\u89bd\u5668\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\uff0c\u800cAdobe Acrobat\/Reader\u5247\u6709\u56db\u500b\u3002\u4f60\u53ef\u4ee5\u8003\u616e\u4f7f\u7528\u4e00\u4e9b\u66ff\u4ee3\u6027\u7684\u700f\u89bd\u5668\u548cPDF\u95b1\u8b80\u5668\u3002<\/li>\n<li>\u5c0d\u7db2\u9801\u4f3a\u670d\u5668\u4f86\u8aaa\uff0cApache Struts\u548cWordPress\uff08\u53caWordPress\u5916\u639b\u7a0b\u5f0f\uff09\u90fd\u88ab\u767c\u73fe\u96f6\u6642\u5dee\u6f0f\u6d1e\u3002\u53ef\u4ee5\u6e05\u695a\u5730\u77e5\u9053\uff0c\u9664\u4e86\u4f3a\u670d\u5668\u8edf\u9ad4\u5916\uff0c\u984d\u5916\u7684\u5916\u639b\u7a0b\u5f0f\u4e5f\u662f\u53ef\u80fd\u7684\u98a8\u96aa\u4f86\u6e90\u3002<\/li>\n<li>\u8da8\u52e2\u79d1\u6280\u57282014\u5e74\u767c\u73fe\u4e26\u56de\u5831\u4e8619\u500b\u56b4\u91cd\u6f0f\u6d1e\u7d66\u76f8\u95dc\u5ee0\u5546\uff08\u53c3\u8003\u4e0b\u65b9\u5b8c\u6574\u5217\u8868\uff09<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u7121\u8ad6\u6211\u5011\u770b\u5230\u4e86\u591a\u5c11\u500b\u96f6\u6642\u5dee\u6216Heartbleed\/Shellshock\u985e\u578b\u6f0f\u6d1e\uff0c\u6211\u5011\u4e5f\u4e0d\u8981\u5fd8\u8a18\u50cfSQL\u6ce8\u5165\u3001\u8de8\u7db2\u7ad9\u8173\u672c\uff08XSS\uff09\uff0c\u6253\u7834\u8eab\u4efd\u8a8d\u8b49\u7b49\u7db2\u9801\u61c9\u7528\u7a0b\u5f0f\u4e2d\u7684\u57fa\u672c\u5b89\u5168\u6027\u6f0f\u6d1e\u4ecd\u7136\u975e\u5e38\u666e\u904d\u3002\u5f88\u591a\u6642\u5019\uff0c\u5b83\u5011\u6b63\u662f\u767c\u751f\u5927\u898f\u6a21\u8cc7\u6599\u5916\u6d29\u4e8b\u4ef6\u80cc\u5f8c\u7684\u539f\u56e0\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u6b64\u5916\uff0c\u6211\u5011\u6c38\u9060\u4e0d\u8a72\u5fd8\u8a18\u63a7\u5236\u8cc7\u6599\u5b58\u53d6\u3001\u76e1\u53ef\u80fd\u5730\u52a0\u5bc6\u3001\u78ba\u4fdd\u6b63\u78ba\u7684\u5b89\u5168\u7522\u54c1\u90fd\u5230\u4f4d\u4f86\u8fc5\u901f\u9632\u8b77\u6f0f\u6d1e\u7b49\u6700\u4f73\u5be6\u4f5c\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u6211\u5011\u57282014\u5e74\u6240\u767c\u73fe\u4e26\u56de\u5831\u7d66\u76f8\u95dc\u5ee0\u5546\u768419\u500b\u56b4\u91cd\u6f0f\u6d1e\uff08\u53ca\u5f71\u97ff\u8edf\u9ad4\uff09\u3002<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0290\">CVE-2014-0290<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0417\">CVE-2014-0417<\/a> \u2013 Java<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0525\">CVE-2014-0525<\/a> \u2013 Adobe Acrobat\/Reader<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0536\">CVE-2014-0536<\/a> \u2013 Adobe Flash<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0559\">CVE-2014-0559<\/a> \u2013 Adobe Flash<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1753\">CVE-2014-1753<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.oracle.com\/technetwork\/topics\/security\/cpuapr2014-1972952.html\">CVE-2014-2401<\/a> \u2013 Java<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1772\">CVE-2014-1772<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1782\">CVE-2014-1782<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-1804\">CVE-2014-1804<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-2768\">CVE-2014-2768<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-4057\">CVE-2014-4057<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-4095\">CVE-2014-4095<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-4097\">CVE-2014-4097<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-4105\">CVE-2014-4105<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsb14-24.html\">CVE-2014-0581<\/a> \u2013 Flash Player<\/li>\n<li>CVE-2014-6443 \u2013 Netis router<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/zh-cn\/library\/security\/dn820091.aspx\">CVE-2014-6368<\/a> \u2013 Internet Explorer<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/zh-cn\/library\/security\/dn820091.aspx\">CVE-2014-8447<\/a> \u2013 Adobe Acrobat\/Reader<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\uff20\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/remembering-the-vulnerabilities-of-2014\/\">Remembering the Vulnerabilities of 2014<\/a>\u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/pawankinger\/\">Pawan Kinger\uff08Deep Security\u5be6\u9a57\u5ba4\u7e3d\u76e3\uff09<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u96a8\u8457\u65b0\u5e74\u6176\u795d\u6d3b\u52d5\u5b89\u5168\u5730\u904e\u53bb\uff0c\u662f\u6642\u5019\u5411\u524d\u770b\uff0c\u4e26\u958b\u59cb\u898f\u52832015\u4e86\u3002\u4f46\u5728\u9019\u6a23\u505a\u4e4b\u524d\uff0c\u8b93\u6211\u5011\u82b1\u4e0a\u5e7e\u5206\u9418\u8a18\u4f4f2014\u5e74 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[906,195,156],"tags":[1927,2292],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/11071"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11071"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/11071\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}