Apache Tomcat AJP RCE Vulnerability 漏洞

Events 最近更新

用OpenVAS对服务器定期安全漏洞扫描,发现其中一个第2次出现的最高级严重漏洞

 

国家信息安全漏洞共享平台上如下描述该漏洞:

https://www.cnvd.org.cn/flaw/show/CNVD-2020-10487

Apache Tomcat服务器存在文件包含漏洞

CNVD-ID CNVD-2020-10487
公开日期 2020-02-20
危害级别 高 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
影响产品 Apache Tomcat 服务器
CVE ID CVE-2020-1938
漏洞描述 Apache与Tomcat都是Apache开源组织开发的用于处理HTTP服务的项目,两者都是免费的,都可以做为独立的Web服务器运行。

Apache Tomcat服务器存在文件包含漏洞,攻击者可利用该漏洞读取或包含 Tomcat 上所有 webapp 目录下的任意文件,如:webapp 配置文件或源代码等。

漏洞类型 通用型漏洞
参考链接
漏洞解决方案 Apache官方已发布9.0.31、8.5.51及7.0.100版本针对此漏洞进行修复,建议用户下载使用:
https://tomcat.apache.org/download-70.cgi
https://tomcat.apache.org/download-80.cgi
https://tomcat.apache.org/download-90.cgi
厂商补丁 Apache Tomcat 服务器存在文件包含漏洞
验证信息 已验证
报送时间 2020-01-06
收录时间 2020-02-19
更新时间 2020-03-16
漏洞附件 附件暂不公开
  在发布漏洞公告信息之前,CNVD都力争保证每条公告的准确性和可靠性。然而,采纳和实施公告中的建议则完全由用户自己决定,其可能引起的问题和结果也完全由用户承担。是否采纳我们的建议取决于您个人或您企业的决策,您应考虑其内容是否符合您个人或您企业的安全策略和流程。

 

用OpenVAS扫描结果如下:

SummaryApache Tomcat is prone to a remote code execution vulnerability in the AJP connector.

Vulnerability Detection Result

It was possible to read the file "WEB-INF/web.xml" through the ajp13 connector.

Result:

AB 5  È  OK       text/html;charset=ISO-8859-1     en-US AB …  <!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=7,chrome=1"><title>CRM 后台管理系统 - 登录</title><!--[if lt IE 8]>
  <script src="//cdn.bootcss.com/json3/3.3.2/json3.min.js"></script>
  <![endif]--><script>window.API_PREFIX = '';</script><link href="/css/vendor-8ed87f5f.css" rel="stylesheet"><link href="/css/login-cb81c251.css" rel="stylesheet"></head><body><div class="login-main"><div class="login-page"><img class="login-bg" src="/images/login_bg-cce7432a.gif"><form id="form"><input name="mobile" class="mobile" placeholder="管理员账号"> <input type="password" class="password" name="password" placeholder="密码"><p class="invalid-tip"></p><div class="btn"><button class="button" type="submit">立即登录</button></div></form></div><div class="footer">2016 浙江禾连网络科技有限公司 浙ICP备15005165号-1</div></div><script type="text/javascript">!function(e){var _=window.webpackJsonp;window.webpackJsonp=function(r,t,o){for(var u,c,i,p=0,a=[];p<r.length;p++)c=r[p],n[c]&&a.push(n[c][0]),n[c]=0;for(u in t)Object.prototype.hasOwnProperty.call(t,u)&&(e[u]=t[u]);for(_&&_(r,t,o);a.length;)a.shift()();if(o)for(p=0;p<o.length;p++)i=__webpack_require__(__webpack_require__.s=o[p]);return i};var r={},n={7:0};function __webpack_require__(_){if(r[_])return r[_].exports;var n=r[_]={i:_,l:!1,exports:{}};return e[_].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}__webpack_require__.m=e,__webpack_require__.c=r,__webpack_require__.d=function(e,_,r){__webpack_require__.o(e,_)||Object.defineProperty(e,_,{configurable:!1,enumerable:!0,get:r})},__webpack_require__.n=function(e){var _=e&&e.__esModule?function(){return e["default"]}:function(){return e};return __webpack_require__.d(_,"a",_),_},__webpack_require__.o=function(e,_){return Object.prototype.hasOwnProperty.call(e,_)},__webpack_require__.p="/",__webpack_require__.oe=function(e){throw e}}([]);</script><script type="text/javascript" src="/js/vendor-fdc77e81.js"></script><script type="text/javascript" src="/js/login-5eb12d1a.js"></script></body></html> AB      AB

SolutionSolution type: VendorFix VendorFix

Update to version 7.0.100, 8.5.51, 9.0.31 or later.

Affected Software/OSApache Tomcat versions prior 7.0.100, 8.5.51 or 9.0.31 when the AJP connector is enabled.

Vulnerability InsightApache Tomcat server has a file containing vulnerability, which can be used by an attacker to read or include any files in all webapp directories on Tomcat, such as webapp configuration files or source code.

Vulnerability Detection MethodSends a crafted AJP13 request and checks the response.

Details: Apache Tomcat AJP RCE Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.143545)

Version used: 2020-02-25T10:59:55+0000


 

python a.py  IP地址 -p 8009 -f WEB-INF/web.xml