2015-10-28: Details reported to the vendor; awaiting vendor handling
2015-10-30: Vendor confirmed; details disclosed to the vendor only
2015-11-09: Details disclosed to core white hats and domain experts
2015-11-19: Details disclosed to regular white hats
2015-11-29: Details disclosed to intern white hats
2015-12-14: Details disclosed to the public
As some people would put it: this affects hundreds of millions of users.
There are multiple S2-016 execution points under **.**.**.**, but they all belong to the same Struts deployment, so I won't list them one by one.
https://**.**.**.**/oauth2/genqr
Running it several times returned different results each time; it turned out to be a load-balanced server farm of at least twenty-odd servers, every one of them with the same vulnerability. This server farm is the unified authentication system of the China Unicom online business hall; malicious exploitation of the vulnerability could have an enormous impact.
Partial host list:
Linux tongyirenzheng-app20_42_12 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-15 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-16 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-17 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-19 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-20 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-22 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-24 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-25 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-26 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tongyirenzheng-app20-42-27 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux BJ-XHM-P3-06-HS22-KX-L595 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux BJ-XHM-P3-06-HS22-KX-L647 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l3-m910-ingtw-01 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l3-m910-ingtw-02 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l3-m910-ingtw-04 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l4-m910-ingtw-06 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l4-m910-ingtw-07 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-upay-xhm-4f03-l4-m910-ingtw-08 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Linux bj-uac-xhm-4f03-p7-hs22-app-01 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
The servers are basically of two kinds:

Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Kernel \r on an \m
Unauthorized access is prohibited,All activities may be monitored.

Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
A vulnerability that should never have happened; nothing more to say, ops should reflect on this themselves~
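From the defender's side, the S2-016 execution points described above leave a recognisable trace in web-server access logs: a query parameter whose name carries the "redirect:" or "redirectAction:" prefix together with an OGNL expression marker. The following detection logic is an added example and not part of the original report; the combined-log-format parser, the sample log lines and the endpoint path reuse are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# S2-016 abused the "redirect:" / "redirectAction:" action-name prefixes, whose
# values Struts 2 evaluated as OGNL. For detection, an OGNL marker ("${" or "%{")
# inside such a parameter is the signal to alert on.
PREFIXES = ("redirect:", "redirectAction:")
OGNL_MARKER = re.compile(r"[$%]\{")

# Minimal combined-log-format parser (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) '
)

def suspicious_params(url):
    """Return the (decoded) names of query parameters that look like S2-016 probes."""
    hits = []
    # keep_blank_values: "?redirect:${...}" has no "=", so it arrives as a bare name
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if not name.startswith(PREFIXES):
            continue
        # the expression lives in the parameter name after the prefix; if the
        # probe contained "=", the remainder is split off into the value
        if OGNL_MARKER.search(name) or OGNL_MARKER.search(value):
            hits.append(name)
    return hits

def scan_log(lines):
    """Return one alert dict per log line carrying an S2-016-style parameter."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hits = suspicious_params(m["url"])
        if hits:
            alerts.append({"ip": m["ip"], "ts": m["ts"],
                           "status": m["status"], "params": hits})
    return alerts

# Constructed sample log; the two probe lines use the harmless expression 1+1.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2015:10:00:01 +0800] "GET /oauth2/genqr?client_id=abc HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2015:10:00:02 +0800] "GET /oauth2/genqr?redirect:%24%7B1%2B1%7D HTTP/1.1" 302 0',
    '203.0.113.9 - - [28/Oct/2015:10:00:03 +0800] "GET /oauth2/genqr?redirect=/home HTTP/1.1" 200 300',
    '198.51.100.7 - - [28/Oct/2015:10:00:04 +0800] "GET /oauth2/genqr?redirectAction:%25%7B1%2B1%7D HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Because the vulnerable farm sits behind a load balancer, the logs of every backend (or the balancer's own access log) need to be collected for this scan to cover all twenty-odd hosts.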
Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-10-30 15:27
CNVD confirmed and reproduced the described situation and has forwarded it through CNCERT to China Unicom Group, which will coordinate handling by the website management department.
None yet