CVE编号
CVE-2020-9484利用情况
漏洞武器化补丁情况
官方补丁披露时间
2020-05-21漏洞描述
Apache Tomcat是由Apache软件基金会属下Jakarta项目开发的Servlet容器。攻击者可能可以构造恶意请求,造成反序列化代码执行漏洞。成功利用该漏洞需要同时满足下列四个条件:1. 攻击者能够控制服务器上文件的内容和名称
2. 服务器PersistenceManager配置中使用了FileStore
3. 服务器PersistenceManager配置中设置了sessionAttributeValueClassNameFilter为NULL,或者使用了其他较为宽松的过滤器,允许攻击者提供反序列化数据对象
4. 攻击者知道使用的FileStore存储位置到可控文件的相对文件路径。
整体利用条件较为苛刻,实际危害相对较低,为彻底防止漏洞潜在风险,阿里云应急响应中心仍建议Apache Tomcat用户修复漏洞。
解决建议
1. 升级Apache Tomcat至安全版本2. 禁止使用Session持久化功能FileStore
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html | |
| http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof... | |
| http://seclists.org/fulldisclosure/2020/Jun/6 | |
| http://www.openwall.com/lists/oss-security/2021/03/01/2 | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10332 | |
| https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf735589... | |
| https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78... | |
| https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa66... | |
| https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23b... | |
| https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c862... | |
| https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d... | |
| https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7... | |
| https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f7... | |
| https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a9... | |
| https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e... | |
| https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a723... | |
| https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c80... | |
| https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a0... | |
| https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981... | |
| https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59e... | |
| https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a9... | |
| https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a9... | |
| https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a9... | |
| https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a9... | |
| https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html | |
| https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://security.gentoo.org/glsa/202006-21 | |
| https://security.netapp.com/advisory/ntap-20200528-0005/ | |
| https://usn.ubuntu.com/4448-1/ | |
| https://usn.ubuntu.com/4596-1/ | |
| https://www.debian.org/security/2020/dsa-4727 | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | |
| https://www.oracle.com/security-alerts/cpujan2021.html | |
| https://www.oracle.com/security-alerts/cpujan2022.html | |
| https://www.oracle.com/security-alerts/cpujul2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | |
| https://xz.aliyun.com/t/8807 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 7.0.0 |
Up to (including) 7.0.103 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 8.5.0 |
Up to (including) 8.5.54 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 9.0.1 |
Up to (including) 9.0.34 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | 10.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | 9.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | oracle | instantis_enterprisetrack | * |
From (including) 17.1 |
Up to (including) 17.3 |
||||
| 运行在以下环境 | |||||||||
| 系统 | canonical | ubuntu_linux | 16.04 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian | debian_linux | 10.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian | debian_linux | 8.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian | debian_linux | 9.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedoraproject | fedora | 31 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedoraproject | fedora | 32 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse | leap | 15.1 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_6 | tomcat6 | * |
Up to (excluding) 0:6.0.24-115.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | tomcat | * |
Up to (excluding) 0:7.0.76-12.el7_8 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12 | tomcat | * |
Up to (excluding) 9.0.35-3.32 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12 | tomcat | * |
Up to (excluding) 9.0.35-3.32 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | tomcat8 | * |
Up to (excluding) 8.0.32-1ubuntu1.13 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04_lts | tomcat8 | * |
Up to (excluding) 8.0.32-1ubuntu1.13 |
|||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 漏洞武器化
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
还没有评论,来说两句吧...