LoginSignup
0

More than 3 years have passed since last update.

CVE-2019-3394/Confluence本地文件泄露漏洞

Last updated at Posted at 2019-09-02

漏洞影响范围

6.1.0 <= version <6.6.16
6.7.0 <= version <6.13.7
6.14.0 <= version <6.15.8

触发条件

1.一个有效的登录账号
2.该账号具有在空间「添加页面」的权限
image.png

复现步骤

路径说明

由于catalina.jar中的org.apache.catalina.webresources.StandardRoot.classgetResource方法的validate存在过滤和限制,所以可遍历路径均在/WEB-INF

validate

可读取的文件大致如下

#WEB-INF下
decorators.xml
glue-config.xml
server-config.wsdd
sitemesh.xml
urlrewrite.xml
web.xml
#/WEB-INF/classes下
confluence-filtered-frames.properties
confluence-init.properties
crowd.properties(较为重要)
hash-registry.properties
lgplTemplate.soy
log4j-diagnostic.properties
log4j.properties
logging.properties
mime.types
osuser.xml
seraph-config.xml
seraph-paths.xml
velocity_implicit.vm
velocity.properties

修复方法

升级到最新版本即可

Reference

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0