WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
WooYun Drops articles, online browsing: http://drop.zone.ci/
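2014-12-08: Details reported to the vendor; awaiting vendor handling
2014-12-08: Vendor has confirmed; details disclosed to the vendor only
2014-12-18: Details disclosed to core white hats and experts in the relevant field
2014-12-28: Details disclosed to regular white hats
2015-01-07: Details disclosed to trainee white hats
2015-01-22: Details disclosed to the public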
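I haven't dug into CNPC for almost a month. I noticed the stock has gone up quite a bit, and they actually have a WooYun account now. Please don't ignore this...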
Unauthorized access to http://www.petropub.com:8085/solr
http://www.petropub.com:8085/#/~java-properties
catalina.base = /usr/local/tomcat5
catalina.home = /usr/local/tomcat5
catalina.useNaming = true
common.loader = ${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
file.encoding = utf-8
file.encoding.pkg = sun.io
file.separator = /
java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
java.awt.printerjob = sun.print.PSPrinterJob
java.class.path = /usr/local/tomcat5/bin/bootstrap.jar:/usr/local/tomcat5/bin/commons-logging-api.jar
java.class.version = 50.0
java.endorsed.dirs = /usr/local/tomcat5/common/endorsed
java.ext.dirs = /usr/local/jdk1.6.0_45/jre/lib/ext:/usr/java/packages/lib/ext
java.home = /usr/local/jdk1.6.0_45/jre
java.io.tmpdir = /usr/local/tomcat5/temp
java.library.path = /usr/local/jdk1.6.0_45/jre/lib/amd64/server:/usr/local/jdk1.6.0_45/jre/lib/amd64:/usr/local/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.naming.factory.initial = org.apache.naming.java.javaURLContextFactory
java.naming.factory.url.pkgs = org.apache.naming
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.6.0_45-b06
java.specification.name = Java Platform API Specification
java.specification.vendor = Sun Microsystems Inc.
java.specification.version = 1.6
java.util.logging.config.file = /usr/local/tomcat5/conf/logging.properties
java.util.logging.manager = org.apache.juli.ClassLoaderLogManager
java.vendor = Sun Microsystems Inc.
java.vendor.url = http://java.sun.com/
java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi
java.version = 1.6.0_45
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Sun Microsystems Inc.
java.vm.version = 20.45-b01
line.separator = \n
os.arch = amd64
os.name = Linux
os.version = 2.6.32-431.20.3.el6.x86_64
package.access = sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans.
package.definition = sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
path.separator = :
server.loader =
shared.loader =
sun.arch.data.model = 64
sun.boot.class.path = /usr/local/jdk1.6.0_45/jre/lib/resources.jar:/usr/local/jdk1.6.0_45/jre/lib/rt.jar:/usr/local/jdk1.6.0_45/jre/lib/sunrsasign.jar:/usr/local/jdk1.6.0_45/jre/lib/jsse.jar:/usr/local/jdk1.6.0_45/jre/lib/jce.jar:/usr/local/jdk1.6.0_45/jre/lib/charsets.jar:/usr/local/jdk1.6.0_45/jre/lib/modules/jdk.boot.jar:/usr/local/jdk1.6.0_45/jre/classes
sun.boot.library.path = /usr/local/jdk1.6.0_45/jre/lib/amd64
sun.cpu.endian = little
sun.cpu.isalist =
sun.io.unicode.encoding = UnicodeLittle
sun.java.command = org.apache.catalina.startup.Bootstrap start
sun.java.launcher = SUN_STANDARD
sun.jnu.encoding = ANSI_X3.4-1968
sun.management.compiler = HotSpot 64-Bit Tiered Compilers
sun.os.patch.level = unknown
tomcat.util.buf.StringCache.byte.enabled = true
user.country = US
user.dir = /
user.home = /root
user.language = en
user.name = root
user.timezone = Asia/Shanghai
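Tighten access permissions.
Severity: Medium
Vulnerability Rank: 7
Confirmed: 2014-12-08 12:57
Remediation in progress; thank you for the submission.
2014-12-15: Remediation completed, many thanks.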