漏洞信息详情
Apache Zookeeper 授权问题漏洞
- CNNVD编号:CNNVD-201905-954 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2019-0201
- 漏洞类型: 授权问题
- 发布时间: 2019-05-23
- 威胁类型: 远程
- 更新时间: 2021-08-20
- 厂 商:
- 漏洞来源: Inc,Red Hat, Inc....
-
漏洞简介
Apache Zookeeper是美国阿帕奇(Apache)软件基金会的一个软件项目,它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。
Apache ZooKeeper 1.0.0版本至3.4.13版本和3.5.0-alpha版本至3.5.4-beta版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://zookeeper.apache.org/security.html#CVE-2019-0201
参考网址
来源:CONFIRM
链接:https://zookeeper.apache.org/security.html#CVE-2019-0201
来源:seclists.org
链接:https://seclists.org/oss-sec/2019/q2/119
来源:issues.apache.org
链接:https://issues.apache.org/jira/browse/ZOOKEEPER-1392
来源:zookeeper.apache.org
链接:https://zookeeper.apache.org/releases.html
来源:www.apache.org
链接:http://www.apache.org/
来源:MLIST
链接:https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
来源:BID
链接:https://www.securityfocus.com/bid/108427
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2020.html
来源:MLIST
链接:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/Jun/13
来源:BID
链接:http://www.securityfocus.com/bid/108427
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4352
来源:N/A
链接:https://www.oracle.com//security-alerts/cpujul2021.html
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190619-0001/
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:MLIST
链接:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3140
来源:MLIST
链接:https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4461
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujul2020.html
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10888071
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10888065
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10884414
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss?uid=ibm10888067
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html
来源:www.debian.org
链接:http://www.debian.org/security/2019/dsa-4461
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4352
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1405/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10957455
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4332/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155728/Red-Hat-Security-Advisory-2019-4352-01.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-0201
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3227/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4737/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2665/
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10958553
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2079/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1119117
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpuoct2020.html
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10888067
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-apache-zookeeper-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2019-0201/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1871/
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/108427
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-agile-lifecycle-manager-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155352/Red-Hat-Security-Advisory-2019-3892-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1638/
受影响实体
暂无
补丁
- Apache Zookeeper 信息泄露漏洞的修复措施<!--2019-5-23-->
还没有评论,来说两句吧...