乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-10: 细节已通知厂商并且等待厂商处理中 2015-05-10: 厂商已经确认,细节仅向厂商公开 2015-05-20: 细节向核心白帽子及相关领域专家公开 2015-05-30: 细节向普通白帽子公开 2015-06-09: 细节向实习白帽子公开 2015-06-24: 细节向公众公开
GfanUcMembers服务器,某分站远程命令执行(已成马场)
http://test.gfan.com:8082/struts_spy/example/HelloWorld.action
jmx-console没删除,里面一堆后门http://test.gfan.com:8082/jmx-console/
domain="DefaultDomain",system=1158932989domain="jboss.console:sar=console-mgr.sar",system=1158932989domain="org.jboss.on:loader=embedded",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/ROOT.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/c.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/http-invoker.sar/invoker.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/jbossws.sar/jbossws-management.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/jmx-console.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/job3.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/job4.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/ccc.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/console-mgr.sar/web-console.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/myname.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/mynamee1.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/upload5warn.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/management/upload5warn11.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/struts_spy.war/",system=1158932989domain="vfsfile:/usr/local/jboss-5.1.0.GA/server/default/deploy/test1.war/",system=1158932989domain="vfszip:/usr/local/jboss-5.1.0.GA/server/default/deploy/GfanUcMembers.war/",system=1158932989id="aop-classloader:0.0.0$MODULE"
删除掉不用的服务
危害等级:中
漏洞Rank:10
确认时间:2015-05-10 11:02
修复中,谢谢
暂无