CVE编号
CVE-2020-1938利用情况
EXP 已公开补丁情况
官方补丁披露时间
2020-02-25漏洞描述
在使用Apache JServ协议(AJP)时,在信任Apache Tomcat的传入连接时必须小心。 Tomcat将AJP连接视为具有比类似HTTP连接更高的信任。 如果攻击者可以使用这样的连接,那么它们可能会被以令人惊讶的方式利用。 在Apache Tomcat9.0.0中。 M1到9.0.0.30、8.5.0到8.5.50和7.0.0到7.0.99,Tomcat附带一个默认启用的AJP连接器,该连接器监听所有配置的IP地址。 预计(并在安全指南中建议)如果不需要,此连接器将被禁用。该漏洞报告确定了一种允许的机制:-从Web应用程序中的任何地方返回任意文件-将Web应用程序中的任何文件作为JSP进一步处理,如果Web应用程序允许文件上传并将这些文件存储在Web应用程序中(或者攻击者能够通过其他方法控制Web应用程序的内容),那么这一机制以及将文件作为JSP处理的能力使远程代码执行成为可能。 需要注意的是,只有当AJP端口对不受信任的用户开放时,才需要进行缓解。 希望采用深入防御方法并阻止允许返回任意文件和执行的向量的用户可以升级到Apache Tomcat9.0.31、8.5.51或7.0.100或更高版本。 对9.0.31中的默认AJP连接器配置进行了一些更改,以加强默认配置。用户升级到9.0.31、8.5.51或7.0.100或更高版本可能需要对其配置进行小的更改。解决建议
1、升级至安全版本2、关闭AJP连接器,修改Tomcat的service.xml,注释掉 。或者禁止Tomcat 的 AJP端口对公网开放。
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html | |
| http://support.blackberry.com/kb/articleDetail?articleNumber=000062739 | |
| https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a... | |
| https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd... | |
| https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c... | |
| https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c... | |
| https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c0... | |
| https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e... | |
| https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a6... | |
| https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54... | |
| https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c2... | |
| https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f... | |
| https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be2... | |
| https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c1... | |
| https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e09... | |
| https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d... | |
| https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63... | |
| https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398... | |
| https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a9... | |
| https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63ad... | |
| https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c... | |
| https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86b... | |
| https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603... | |
| https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f... | |
| https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f... | |
| https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea56924355... | |
| https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a9... | |
| https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf... | |
| https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a... | |
| https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5... | |
| https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a... | |
| https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0... | |
| https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e8117... | |
| https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68... | |
| https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6ef... | |
| https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52... | |
| https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a... | |
| https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d... | |
| https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html | |
| https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://lists.fedoraproject.org/archives/list/[email protected]... | |
| https://security.gentoo.org/glsa/202003-43 | |
| https://security.netapp.com/advisory/ntap-20200226-0002/ | |
| https://www.debian.org/security/2020/dsa-4673 | |
| https://www.debian.org/security/2020/dsa-4680 | |
| https://www.oracle.com/security-alerts/cpujan2021.html | |
| https://www.oracle.com/security-alerts/cpujul2020.html | |
| https://www.oracle.com/security-alerts/cpuoct2020.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 7.0.0 |
Up to (including) 7.0.99 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 8.5.0 |
Up to (including) 8.5.50 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | tomcat | * |
From (including) 9.0.0 |
Up to (including) 9.0.30 |
||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | tomcat | * |
Up to (excluding) 7.0.76-11.1.al7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_2 | tomcat | * |
Up to (excluding) 2.2-api-7.0.76-10.amzn2.0.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_AMI | tomcat | * |
Up to (excluding) 3.0-api-7.0.100-1.36.amzn1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | tomcat | * |
Up to (excluding) 7.0.76-10.amzn2.0.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | tomcat | * |
Up to (excluding) 3.0-api-7.0.100-1.36.amzn1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_6 | tomcat | * |
Up to (excluding) 6.0.24-114.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | centos_7 | tomcat | * |
Up to (excluding) 7.0.76-11.el7_7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | tomcat | * |
Up to (excluding) 9.0.31-1~deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | tomcat | * |
Up to (excluding) 7.0.56-3+deb8u3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | tomcat | * |
Up to (excluding) 7.0.75-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_30 | tomcat | * |
Up to (excluding) 9.0.31-2.fc30 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | tomcat | * |
Up to (excluding) 9.0.31-2.fc31 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | tomcat | * |
Up to (excluding) 9.0.31-2.fc32 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_6 | tomcat | * |
Up to (excluding) 7.0.100-2.el6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | tomcat | * |
Up to (excluding) 2.4.33-lp151.8.12.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_6 | tomcat | * |
Up to (excluding) 6.0.24-114.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_7 | tomcat | * |
Up to (excluding) 7.0.76-11.el7_7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | tomcat | * |
Up to (excluding) 6.0.24-114.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | tomcat | * |
Up to (excluding) 7.0.76-11.el7_7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_6 | tomcat6 | * |
Up to (excluding) 0:6.0.24-114.el6_10 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | tomcat | * |
Up to (excluding) 0:7.0.76-11.el7_7 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12 | apache2 | * |
Up to (excluding) 2.4.16-20.29 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP4 | tomcat | * |
Up to (excluding) 2.4.23-29.54.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP5 | tomcat | * |
Up to (excluding) 2.4.23-29.54.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP4 | tomcat | * |
Up to (excluding) 2.4.23-29.54.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | tomcat | * |
Up to (excluding) 2.4.23-29.54.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | unionos_20 | tomcat | * |
Up to (excluding) 9.0.31-1~deb10u2 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 EXP 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
还没有评论,来说两句吧...