乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-02: 细节已通知厂商并且等待厂商处理中 2015-12-07: 厂商已经确认,细节仅向厂商公开 2015-12-17: 细节向核心白帽子及相关领域专家公开 2015-12-27: 细节向普通白帽子公开 2016-01-06: 细节向实习白帽子公开 2016-01-21: 细节向公众公开
SOLR未授权访问
http://news.lenovomm.com/solr/#/
STOP.KEYsolrrocksSTOP.PORT7983awt.toolkitsun.awt.X11.XToolkitfile.encodingUTF-8file.encoding.pkgsun.iofile.separator/java.awt.graphicsenvsun.awt.X11GraphicsEnvironmentjava.awt.printerjobsun.print.PSPrinterJobjava.class.path/data/solr-5.2.1/server/lib/javax.servlet-api-3.1.0.jar/data/solr-5.2.1/server/lib/jetty-continuation-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-deploy-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-http-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-io-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-jmx-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-rewrite-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-security-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-server-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-servlet-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-servlets-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-util-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-webapp-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/jetty-xml-9.2.10.v20150310.jar/data/solr-5.2.1/server/lib/ext/jcl-over-slf4j-1.7.7.jar/data/solr-5.2.1/server/lib/ext/jul-to-slf4j-1.7.7.jar/data/solr-5.2.1/server/lib/ext/log4j-1.2.17.jar/data/solr-5.2.1/server/lib/ext/slf4j-api-1.7.7.jar/data/solr-5.2.1/server/lib/ext/slf4j-log4j12-1.7.7.jar/data/solr-5.2.1/server/resourcesjava.class.version52.0java.endorsed.dirs/data/java/jdk1.8.0_31/jre/lib/endorsedjava.ext.dirs/data/java/jdk1.8.0_31/jre/lib/ext/usr/java/packages/lib/extjava.home/data/java/jdk1.8.0_31/jrejava.io.tmpdir/tmpjava.library.path/usr/java/packages/lib/amd64/usr/lib64/lib64/lib/usr/libjava.runtime.nameJava(TM) SE Runtime Environmentjava.runtime.version1.8.0_31-b13java.specification.nameJava Platform API Specificationjava.specification.vendorOracle Corporationjava.specification.version1.8java.vendorOracle Corporationjava.vendor.urlhttp://java.oracle.com/java.vendor.url.bughttp://bugreport.sun.com/bugreport/java.version1.8.0_31java.vm.infomixed modejava.vm.nameJava HotSpot(TM) 64-Bit Server VMjava.vm.specification.nameJava Virtual Machine Specificationjava.vm.specification.vendorOracle Corporationjava.vm.specification.version1.8java.vm.vendorOracle Corporationjava.vm.version25.31-b07jetty.base/data/solr-5.2.1/serverjetty.home/data/solr-5.2.1/serverjetty.port8983jetty.version9.2.10.v20150310line.separator\nos.archamd64os.nameLinuxos.version2.6.18-348.el5path.separator:solr.install.dir/data/solr-5.2.1solr.solr.home/data/solr-5.2.1/server/solrsun.arch.data.model64sun.boot.class.path/data/java/jdk1.8.0_31/jre/lib/resources.jar/data/java/jdk1.8.0_31/jre/lib/rt.jar/data/java/jdk1.8.0_31/jre/lib/sunrsasign.jar/data/java/jdk1.8.0_31/jre/lib/jsse.jar/data/java/jdk1.8.0_31/jre/lib/jce.jar/data/java/jdk1.8.0_31/jre/lib/charsets.jar/data/java/jdk1.8.0_31/jre/lib/jfr.jar/data/java/jdk1.8.0_31/jre/classessun.boot.library.path/data/java/jdk1.8.0_31/jre/lib/amd64sun.cpu.endianlittlesun.cpu.isalistsun.io.unicode.encodingUnicodeLittlesun.java.commandstart.jar -XX:OnOutOfMemoryError=/data/solr-5.2.1/bin/oom_solr.sh 8983 /data/solr-5.2.1/server/logs --module=httpsun.java.launcherSUN_STANDARDsun.jnu.encodingUTF-8sun.management.compilerHotSpot 64-Bit Tiered Compilerssun.os.patch.levelunknownuser.countryUSuser.dir/data/solr-5.2.1/serveruser.home/rootuser.languageenuser.namerootuser.timezoneUTCzookeeper.jmx.log4j.disabletrue
如上
危害等级:中
漏洞Rank:5
确认时间:2015-12-07 07:23
感谢提交漏洞
暂无