
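Vulnerability Summary

Vulnerability ID: wooyun-2014-086106

Vulnerability title: Unauthorized access to Solr on a CNPC site (site news could be maliciously tampered with)

Vendor: China National Petroleum Corporation

Author: JulyTornado

Submitted: 2014-12-08 10:54

Fixed: 2015-01-22 10:56

Disclosed: 2015-01-22 10:56

Vulnerability type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 7

Status: Confirmed by vendor

Source: http://www.wooyun.org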



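Vulnerability Details

Disclosure status:

2014-12-08: Details sent to the vendor; awaiting vendor handling
2014-12-08: Vendor confirmed; details disclosed to the vendor only
2014-12-18: Details disclosed to core white hats and experts in related fields
2014-12-28: Details disclosed to regular white hats
2015-01-07: Details disclosed to intern white hats
2015-01-22: Details disclosed to the public

Brief description:

It's been almost a month since I last dug into CNPC. I see the stock has gone up quite a bit, and they actually have a WooYun account now. Please don't ignore this...

Detailed description:

http://www.petropub.com:8085/
Unauthorized access to Solr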



Proof of vulnerability:

http://www.petropub.com:8085/#/~java-properties


Remediation:

Strengthen permissions

Copyright notice: please credit the source when reposting: JulyTornado@WooYun


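Vulnerability Response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2014-12-08 12:57

Vendor reply:

Remediation is in progress. Thank you for the submission.

Latest status:

2014-12-15: Remediation completed. Many thanks.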