During a periodic security vulnerability scan of our servers with OpenVAS, one of the highest-severity findings showed up for the second time.
The China National Vulnerability Database (CNVD) describes the vulnerability as follows:
https://www.cnvd.org.cn/flaw/show/CNVD-2020-10487
Apache Tomcat server file inclusion vulnerability

| Field | Value |
| --- | --- |
| CNVD-ID | CNVD-2020-10487 |
| Published | 2020-02-20 |
| Severity | High (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
| Affected product | Apache Tomcat server |
| CVE ID | CVE-2020-1938 |
| Description | Apache and Tomcat are both projects developed by the Apache open-source organisation for serving HTTP; both are free, and both can run as standalone web servers. The Apache Tomcat server has a file inclusion vulnerability: an attacker can exploit it to read or include arbitrary files under any webapp directory on Tomcat, such as webapp configuration files or source code. |
| Vulnerability type | General vulnerability |
| Reference links | |
| Solution | Apache has released versions 9.0.31, 8.5.51 and 7.0.100 that fix this vulnerability; users are advised to download and use them: https://tomcat.apache.org/download-70.cgi https://tomcat.apache.org/download-80.cgi https://tomcat.apache.org/download-90.cgi |
| Vendor patch | Apache Tomcat server file inclusion vulnerability |
| Verification status | Verified |
| Reported | 2020-01-06 |
| Included | 2020-02-19 |
| Updated | 2020-03-16 |
| Attachments | Not yet public |
| Notice | Before publishing a vulnerability advisory, CNVD strives to ensure that every advisory is accurate and reliable. However, adopting and implementing the recommendations in an advisory is entirely the user's own decision, and any problems or consequences that may result are borne entirely by the user. Whether to adopt our recommendations is a decision for you or your organisation; you should consider whether the content is consistent with your own or your organisation's security policies and processes. |
The OpenVAS scan result is as follows:
Summary: Apache Tomcat is prone to a remote code execution vulnerability in the AJP connector.
Vulnerability Detection Result:
It was possible to read the file "WEB-INF/web.xml" through the ajp13 connector. Result: AB 5 È OK text/html;charset=ISO-8859-1 en-US AB <!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=7,chrome=1"><title>CRM åå°ç®¡çç³»ç» - ç»å½</title><!--[if lt IE 8]> <script src="//cdn.bootcss.com/json3/3.3.2/json3.min.js"></script> <![endif]--><script>window.API_PREFIX = '';</script><link href="/css/vendor-8ed87f5f.css" rel="stylesheet"><link href="/css/login-cb81c251.css" rel="stylesheet"></head><body><div class="login-main"><div class="login-page"><img class="login-bg" src="/images/login_bg-cce7432a.gif"><form id="form"><input name="mobile" class="mobile" placeholder="管çåè´¦å·"> <input type="password" class="password" name="password" placeholder="å¯ç "><p class="invalid-tip"></p><div class="btn"><button class="button" type="submit">ç«å³ç»å½</button></div></form></div><div class="footer">2016 æµæ±ç¦¾è¿ç½ç»ç§ææéå ¬å¸ æµICPå¤15005165å·-1</div></div><script type="text/javascript">!function(e){var _=window.webpackJsonp;window.webpackJsonp=function(r,t,o){for(var u,c,i,p=0,a=[];p<r.length;p++)c=r[p],n[c]&&a.push(n[c][0]),n[c]=0;for(u in t)Object.prototype.hasOwnProperty.call(t,u)&&(e[u]=t[u]);for(_&&_(r,t,o);a.length;)a.shift()();if(o)for(p=0;p<o.length;p++)i=__webpack_require__(__webpack_require__.s=o[p]);return i};var r={},n={7:0};function __webpack_require__(_){if(r[_])return r[_].exports;var n=r[_]={i:_,l:!1,exports:{}};return e[_].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}__webpack_require__.m=e,__webpack_require__.c=r,__webpack_require__.d=function(e,_,r){__webpack_require__.o(e,_)||Object.defineProperty(e,_,{configurable:!1,enumerable:!0,get:r})},__webpack_require__.n=function(e){var _=e&&e.__esModule?function(){return e["default"]}:function(){return e};return __webpack_require__.d(_,"a",_),_},__webpack_require__.o=function(e,_){return 
Object.prototype.hasOwnProperty.call(e,_)},__webpack_require__.p="/",__webpack_require__.oe=function(e){throw e}}([]);</script><script type="text/javascript" src="/js/vendor-fdc77e81.js"></script><script type="text/javascript" src="/js/login-5eb12d1a.js"></script></body></html> AB AB
Solution (solution type: VendorFix): Update to version 7.0.100, 8.5.51, 9.0.31 or later.
Affected Software/OS: Apache Tomcat versions prior to 7.0.100, 8.5.51 or 9.0.31 when the AJP connector is enabled.
Vulnerability Insight: Apache Tomcat server has a file inclusion vulnerability, which can be used by an attacker to read or include any files in all webapp directories on Tomcat, such as webapp configuration files or source code.
Vulnerability Detection Method: Sends a crafted AJP13 request and checks the response.
Details: Apache Tomcat AJP RCE Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.143545)
Version used: 2020-02-25T10:59:55+0000
python a.py IP地址 -p 8009 -f WEB-INF/web.xml
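The two facts a defender needs from the advisory and the scan output are the fixed versions (7.0.100, 8.5.51, 9.0.31) and the condition "when the AJP connector is enabled". The following script, added here as an example and not part of the original post, CNVD's record or OpenVAS, turns both into a local check: it decides whether a Tomcat version string falls before its branch's fixed release, and it audits the AJP `<Connector>` entries in a `server.xml`. The sample `server.xml` is constructed for the example; the attribute names `address`, `secretRequired`, `secret` and the older `requiredSecret` are real Tomcat AJP connector attributes, and the placeholder secret value is made up.

```python
"""Local check for CVE-2020-1938 exposure (added example, not the post's own code).

Two independent signals are combined:
  1. the Tomcat version compared against the fixed releases named in the advisory;
  2. the AJP connectors configured in server.xml, flagging ones that listen on
     every interface or have no AJP secret configured.
"""
import re
import xml.etree.ElementTree as ET

# Fixed releases from the advisory; anything earlier on the same branch is affected.
FIXED_VERSIONS = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

# Constructed sample server.xml: one HTTP connector, one AJP connector with the
# classic defaults (no address, no secret) and one hardened AJP connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="CHANGE-ME-placeholder"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""


def parse_version(text):
    """Extract the first x.y.z triple: 'Apache Tomcat/8.5.50' -> (8, 5, 50)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def version_is_affected(text):
    """True if the version predates its branch's fixed release, False if not,
    None if the branch is not covered by this advisory (check the vendor's
    security page for those)."""
    version = parse_version(text)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None
    return version < fixed


def audit_ajp_connectors(server_xml):
    """Return [(port, [issue, ...]), ...] for every AJP <Connector> found.

    An empty issue list means the connector is bound to a specific address
    and carries a shared secret; it still counts as 'AJP enabled' for the
    purpose of the advisory, so patching remains the primary fix.
    """
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "AJP" not in protocol.upper():
            continue
        issues = []
        address = conn.get("address")
        if address is None or address in ("0.0.0.0", "::"):
            issues.append("listens on all interfaces")
        if conn.get("secretRequired", "").lower() == "false":
            issues.append("secretRequired=false")
        # 'secret' is the attribute name in the fixed releases; 'requiredSecret'
        # is the older name, so accept either as evidence a secret is set.
        if not (conn.get("secret") or conn.get("requiredSecret")):
            issues.append("no AJP secret configured")
        findings.append((conn.get("port", "?"), issues))
    return findings


if __name__ == "__main__":
    for banner in ("Apache Tomcat/8.5.50", "9.0.31", "7.0.99"):
        print(f"{banner}: affected={version_is_affected(banner)}")
    for port, issues in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {issues or 'no config issues'}")
```

Run it against the real `conf/server.xml` by reading the file and passing its text to `audit_ajp_connectors`; the version banner can be taken from the Tomcat startup log or `version.sh`. Any AJP connector the audit reports, even one with an empty issue list, means the "AJP connector is enabled" condition from the scan output holds, so the version check decides whether the host needs the upgrade.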