OWASP Dependency-Check, which was originally written for JEE, analyzes components (for example framework-default, contrib, or third-party libraries) for CVE-level vulnerabilities, and has more recent support for C/C++, Java, .NET, PHP, Python, Node.js and Ruby components. It also integrates with build environments such as the popular Java ones (for example maven) and with CI portals, including Jenkins.
There is also a web interface for OWASP Dependency-Check called Dependency-Track. All of these are free and open-source software (FOSS) solutions available from the wider OWASP security community.
Here is also an extremely unorthodox cross-platform framework search that uses the Linux grep command, which shows that all Java-related CVEs can be searched for with this method:
$ msfconsole -qx "search cve:CVE; exit" | grep -i java | grep -vi javascript
auxiliary/server/jsse_skiptls_mitm_proxy 2015-01-20 normal Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
exploit/linux/misc/jenkins_java_deserialize 2015-11-18 excellent Jenkins CLI RMI Java Deserialization Vulnerability
exploit/multi/browser/java_atomicreferencearray 2012-02-14 excellent Java AtomicReferenceArray Type Violation Vulnerability
exploit/multi/browser/java_calendar_deserialize 2008-12-03 excellent Sun Java Calendar Deserialization Privilege Escalation
exploit/multi/browser/java_getsoundbank_bof 2009-11-04 great Sun Java JRE getSoundbank file:// URI Buffer Overflow
exploit/multi/browser/java_jre17_driver_manager 2013-01-10 excellent Java Applet Driver Manager Privileged toString() Remote Code Execution
exploit/multi/browser/java_jre17_exec 2012-08-26 excellent Java 7 Applet Remote Code Execution
exploit/multi/browser/java_jre17_glassfish_averagerangestatisticimpl 2012-10-16 excellent Java Applet AverageRangeStatisticImpl Remote Code Execution
exploit/multi/browser/java_jre17_jaxws 2012-10-16 excellent Java Applet JAX-WS Remote Code Execution
exploit/multi/browser/java_jre17_jmxbean 2013-01-10 excellent Java Applet JMX Remote Code Execution
exploit/multi/browser/java_jre17_jmxbean_2 2013-01-19 excellent Java Applet JMX Remote Code Execution
exploit/multi/browser/java_jre17_method_handle 2012-10-16 excellent Java Applet Method Handle Remote Code Execution
exploit/multi/browser/java_jre17_provider_skeleton 2013-06-18 great Java Applet ProviderSkeleton Insecure Invoke Method
exploit/multi/browser/java_jre17_reflection_types 2013-01-10 excellent Java Applet Reflection Type Confusion Remote Code Execution
exploit/multi/browser/java_rhino 2011-10-18 excellent Java Applet Rhino Script Engine Remote Code Execution
exploit/multi/browser/java_rmi_connection_impl 2010-03-31 excellent Java RMIConnectionImpl Deserialization Privilege Escalation
exploit/multi/browser/java_setdifficm_bof 2009-11-04 great Sun Java JRE AWT setDiffICM Buffer Overflow
exploit/multi/browser/java_storeimagearray 2013-08-12 great Java storeImageArray() Invalid Array Indexing Vulnerability
exploit/multi/browser/java_trusted_chain 2010-03-31 excellent Java Statement.invoke() Trusted Method Chain Privilege Escalation
exploit/multi/browser/java_verifier_field_access 2012-06-06 excellent Java Applet Field Bytecode Verifier Cache Remote Code Execution
exploit/multi/browser/mozilla_navigatorjava 2006-07-25 normal Mozilla Suite/Firefox Navigator Object Code Execution
exploit/multi/browser/qtjava_pointer 2007-04-23 excellent Apple QTJava toQTPointer() Arbitrary Memory Access
exploit/multi/elasticsearch/script_mvel_rce 2013-12-09 excellent ElasticSearch Dynamic Script Arbitrary Java Execution
exploit/multi/http/jboss_deploymentfilerepository 2010-04-26 excellent JBoss Java Class DeploymentFileRepository WAR Deployment
exploit/multi/http/sun_jsws_dav_options 2010-01-20 great Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
exploit/multi/misc/java_jmx_server 2013-05-22 excellent Java JMX Server Insecure Configuration Java Code Execution
exploit/windows/browser/java_basicservice_impl 2010-10-12 excellent Sun Java Web Start BasicServiceImpl Code Execution
exploit/windows/browser/java_cmm 2013-03-01 normal Java CMM Remote Code Execution
exploit/windows/browser/java_codebase_trust 2011-02-15 excellent Sun Java Applet2ClassLoader Remote Code Execution
exploit/windows/browser/java_docbase_bof 2010-10-12 great Sun Java Runtime New Plugin docbase Buffer Overflow
exploit/windows/browser/java_mixer_sequencer 2010-03-30 great Java MixerSequencer Object GM_Song Structure Handling Vulnerability
exploit/windows/browser/java_ws_arginject_altjvm 2010-04-09 excellent Sun Java Web Start Plugin Command Line Argument Injection
exploit/windows/browser/java_ws_double_quote 2012-10-16 excellent Sun Java Web Start Double Quote Injection
exploit/windows/browser/java_ws_vmargs 2012-02-14 excellent Sun Java Web Start Plugin Command Line Argument Injection
exploit/windows/http/hp_nnm_webappmon_ovjavalocale 2010-08-03 great HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow
One could use a different exploit framework search engine, such as the one from Core Security, to perform a similar extensive search: link - or even the one from Immunity Security - link
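An added example (not part of the original text) of a caveat with the grep pipeline above: `grep -vi javascript` also discards any row that names both Java and JavaScript. The sketch below filters saved search output without losing those rows and counts matches per disclosure year for patch triage; the two `exploit/example/...` rows are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Sample rows in the column layout shown above: module, date, rank, description.
# The first two rows appear in the listing; the last two are constructed.
sample_output() {
cat <<'EOF'
exploit/multi/browser/java_rhino 2011-10-18 excellent Java Applet Rhino Script Engine Remote Code Execution
exploit/multi/misc/java_jmx_server 2013-05-22 excellent Java JMX Server Insecure Configuration Java Code Execution
exploit/example/constructed_js_only 2014-01-01 normal Constructed JavaScript Engine Example
exploit/example/constructed_mixed 2014-02-02 great Constructed Java Plugin JavaScript Bridge Example
EOF
}

# Keep rows that still mention Java once every "javascript" substring is
# ignored, so a row naming both Java and JavaScript is not lost.
java_rows() {
  awk '{
    probe = tolower($0)
    gsub(/javascript/, "", probe)
    if (probe ~ /java/) print
  }'
}

# The filter used in the text, kept for comparison.
grep_rows() {
  grep -i java | grep -vi javascript
}

# Count rows per disclosure year (field 2 is YYYY-MM-DD).
rows_per_year() {
  awk '{ split($2, d, "-"); n[d[1]]++ } END { for (y in n) print y, n[y] }' | sort
}

sample_output | java_rows | rows_per_year
```

On real data, replace `sample_output` with a file holding the saved search output.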