
[Vulnerability Advisory] CVE-2020-1938 / Apache Tomcat file read / file inclusion vulnerability

Vulnerability description

Apache Tomcat is a Servlet container developed by the Jakarta project of the Apache Software Foundation. By default, Apache Tomcat enables the AJP connector so that it can interact with other web servers over the AJP protocol. However, Apache Tomcat's implementation of the AJP protocol contains a flaw: by sending a crafted AJP request, an attacker can read or include arbitrary files under the web application's root directory. If the application also allows uploading files of arbitrary type, this can lead to remote code execution (RCE). The vulnerability is exploited through the AJP service port, so an instance whose AJP service is not exposed externally is not affected (Tomcat enables the AJP service by default and binds it to 0.0.0.0/0).

Vulnerability identifiers

CVE-2020-1938
CNVD-2020-10487

Severity

High

Affected versions

Apache Tomcat = 6
7 <= Apache Tomcat < 7.0.100
8 <= Apache Tomcat < 8.5.51
9 <= Apache Tomcat < 9.0.31

Vulnerability verification

File read verification

[screenshot omitted]

File inclusion leading to RCE verification

[screenshot omitted]

Remediation

  1. Update Tomcat to a fixed version as soon as possible.
  2. If you cannot upgrade, disable the AJP service: open the Tomcat configuration file server.xml and comment out the following line:
     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
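The following script is an added example (not part of the original advisory) that checks the two conditions described above from a defender's side: whether a reported Tomcat version falls inside the affected ranges listed in this advisory, and whether server.xml still contains an active AJP connector and what address it binds to. The sample server.xml content is constructed for illustration.

```python
"""Check a Tomcat version against the advisory's affected ranges and
report any AJP connector that is still active in server.xml."""
import xml.etree.ElementTree as ET

# Affected ranges from the advisory: inclusive lower bound, exclusive upper bound.
AFFECTED = [((6, 0, 0), (7, 0, 0)),      # all of Tomcat 6
            ((7, 0, 0), (7, 0, 100)),    # 7 <= v < 7.0.100
            ((8, 0, 0), (8, 5, 51)),     # 8 <= v < 8.5.51
            ((9, 0, 0), (9, 0, 31))]     # 9 <= v < 9.0.31


def parse_version(text):
    """'9.0.30' -> (9, 0, 30); missing components default to 0."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the version string lies in one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED)


def ajp_connectors(server_xml):
    """Return (port, address) for every AJP connector that is still active.
    ElementTree drops XML comments, so a commented-out connector is ignored."""
    root = ET.fromstring(server_xml)
    found = []
    for c in root.iter("Connector"):
        if "AJP" in c.get("protocol", "").upper():
            # Without an address attribute the connector binds to all interfaces.
            found.append((c.get("port"), c.get("address", "0.0.0.0")))
    return found


# Constructed sample resembling a default server.xml with the AJP connector enabled.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for ver in ("6.0.53", "7.0.99", "7.0.100", "8.5.51", "9.0.30", "9.0.31"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    for port, addr in ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector active on {addr}:{port}")
```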

Timeline

[0] 2020/01/03 Chaitin Tech reported the vulnerability to the Apache Tomcat project
[1] 2020/02/11 Apache Tomcat released security updates 9.0.31 and 8.5.51, fixing the vulnerability
[2] 2020/02/14 Apache Tomcat released security update 7.0.100, fixing the vulnerability
[3] 2020/02/20 CNVD published a security advisory
[4] 2020/02/21 AsiaInfo Security Network Attack and Defense Lab analyzed and reproduced the vulnerability and published this advisory

References

https://github.com/threedr3am/learnjavabug
https://www.cnvd.org.cn/flaw/show/CNVD-2020-10487
https://mp.weixin.qq.com/s/GzqLkwlIQi_i3AVIXn59FQ
