Domain name for API request: tcss.intl.tencentcloudapi.com.
This API is used to query vulnerability details.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVulDetail. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| PocID | Yes | String | POC ID |
| Parameter Name | Type | Description |
|---|---|---|
| VulInfo | VulDetailInfo | Vulnerability details |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: tcss.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVulDetail
<Common request parameters>
{
"PocID": "1"
}
{
"Response": {
"RequestId": "2d770ee1-8360-4c62-badc-257688f1e4de",
"VulInfo": {
"CVEID": "CVE-2023-50164",
"CVSSV3Desc": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSSV3Score": 9.8,
"Category": "OTHER",
"CategoryType": "EMERGENCY",
"ComponentList": [
{
"FixedVersion": [
">2.3.37",
"2.5.33",
"6.3.0.2"
],
"Name": "(apache) struts",
"Version": [
"2.0.0<=version<=2.3.37",
"2.5.0<=version<2.5.33",
"6.0.0<=version<6.3.0.2"
]
}
],
"ContainerCount": 0,
"DefenceHostCount": 78,
"DefenceScope": "ALL",
"DefenceStatus": "DEFENDED",
"DefendedCount": 0,
"DefenseSolution": "The official security version has been published. Users affected by vulnerabilities are recommended to update Apache Struts2 to the latest secure version immediately.\nSecurity version:\nApache Struts2 >= 2.5.33\nApache Struts2 >= 6.3.0.2\nOfficial download address: https://struts.apache.org/download.cgi or modify the version information in the configuration file of the project dependency."
"Description": "Apache Struts2 is a Web framework used for development of Java EE network applications. Essentially equivalent to a servlet, it serves as the Controller in the MVC design pattern, creating data interaction between the model and view. The vulnerability stems from defects in file upload logic. An attacker can manipulate file upload parameters to enable path traversal, which in some cases may result in upload of a malicious file for execution of remote code."
"Level": "CRITICAL",
"LocalImageCount": 0,
"LocalNewestImageCount": 0,
"Name": "Vulnerability of Apache Struts2 remote code execution (CVE-2023-50164)"
"OfficialSolution": "It is recommended to pay attention to vendor announcements or upgrade to the latest version."
"PocID": "pcmgr-5555555",
"Reference": [
"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"
],
"RegistryImageCount": 0,
"RegistryNewestImageCount": 0,
"ScanStatus": "SCANNED",
"SubmitTime": "2023-12-07 17:01:30",
"Tags": [
"NETWORK"
]
}
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| AuthFailure | A CAM signature/authentication error occurred. |
| InternalError | An internal error occurred. |
| InternalError.MainDBFail | The database operation failed. |
| InvalidParameter | The parameter is incorrect. |
| InvalidParameter.InvalidFormat | The parameter format is incorrect. |
| InvalidParameter.MissingParameter | The required parameter is missing. |
| InvalidParameter.ParsingError | A parameter parsing error occurred. |
| MissingParameter | The parameter is missing. |
| ResourceNotFound | The resource does not exist. |
文档反馈