当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0122136

漏洞标题:青云某核心业务服务器存在心脏滴血漏洞

相关厂商:qingcloud.com

漏洞作者: 举起手来

提交时间:2015-06-22 18:12

修复时间:2015-08-06 20:48

公开时间:2015-08-06 20:48

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-22: 细节已通知厂商并且等待厂商处理中
2015-06-22: 厂商已经确认,细节仅向厂商公开
2015-07-02: 细节向核心白帽子及相关领域专家公开
2015-07-12: 细节向普通白帽子公开
2015-07-22: 细节向实习白帽子公开
2015-08-06: 细节向公众公开

简要描述:

我有杀气 举起手来

详细说明:

ping console.qingcloud.com
PING console.qingcloud.com (117.121.25.2): 56 data bytes
Request timeout for icmp_seq 0


....#..... .....................................cation/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3..Accept-Encoding: gzip, deflate..Sec-WebSocket-Version: 13..Origin: https://console.qingcloud.com..Sec-WebSocket-Extensions: permessage-deflate..Sec-WebSocket-Key: LY6MIyx5lalYCGvQ4bsl3w==..Cookie: __utma=52871208.444737175.1434699539.1434704945.1434938617.4; __utmz=52871208.1434699539.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sk=i1bEHQeBmEaNPitObdu5Fw6np787Bz3q; __utmb=52871208.4.10.1434938617; __utmc=52871208; lang=zh-cn..Connection: keep-alive, Upgrade..Pragma: no-cache..Cache-Control: no-cache..Upgrade: websocket....68+ul d.*.....w...a........u5.....+3.l...................o.ZL=[.=.......E}.s..................!.....U?!...............P.@.....0.......4.........c.......c.............................q.......P.z.......c......................_).......k.......m.......k.......$.T!.....G.............z.2...............Z.1.$`N.L/..5....*0.z>K[..n......(.^...2.Pt.wv_ZHd.,m.+|.U...W..r..%../4X..........flN..@T........g.ny....DJf3.k.h.#....C..M..Q.D..h...67....F..../k..C.e.<z..L$.A....@..nGo7....k..|.E......+...W>.....V.V`.|.BnL....]\\.)....oP.....8\".9.......l...b...>.Y..\\...`.R.J3t.....).\'.h2-16.h2-15.h2-14.h2.spdy/3.1.http/1.1..................................c...................................................................................................tma=52871208.757200336.1428469079.1434505118.1434576182.29; __utmz=52871208.1428469079.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmc=52871208; sk=Cb2RQTmao5PFTftAzM5AHVqsRR5jah9l; lang=zh-cn..Connection: keep-alive.....F.....;(..8.nyV..U.......i9Y<...0.dg.K.Nc-WebSocket-Key: 6POALKbQNwOIR8YSfp71vw==..Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.....oC39C....?%V...ate; client_max_window_bits.....@(....n.~......ts....I.....%.%.-..K9mient_max_window_bits....LO>......f.S.f[/ozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36..Accept-Encoding: gzip, deflate, sdch..Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2,ja;q=0.2..Cookie: sk=0f81R3less0deT75Zt5I05cVusGdk2nr; lang=zh-cn; __utma=52871208.874676821.1428464510.1434512987.1434592412.65; __utmc=52871208; __utmz=52871208.1428464510.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)..Sec-WebSocket-Key: 8O2ThrDkY2x4riAyLX30dQ==..Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits....d.......*...%..+..N>........iax_window_bits.......w.q`;.g..I...^.../u..................ons: permessage-deflate; client_max_window_bits....HH-i.8....Z.I......


IP:14.29.83.5:8000<br>存在openssl 信息泄露: <br>
.@....SC[...r....+..H...9........w.3....f.....\".!.9.8.........5.............................3.2.....E.D...../...A.................................I...........4.2...................................................#...........................#..... .....................................ost&field=chat_robot_lost&type=plus&company_id=1..Connection: close..Accept-Encoding: gzip....p.\".,..9..C....qTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36..Accept-Encoding: gzip, deflate, sdch..Accept-Language: zh-CN,zh;q=0.8..Cookie: __utmt=1; sk=P0N3hfb1tNhSLrlTcX7HqB67uB8laxJJ; lang=zh-cn; __utma=52871208.106743412.1428224467.1434942010.1434949369.8; __utmb=52871208.9.10.1434949369; __utmc=52871208; __utmz=52871208.1434893668.6.3.utmcsr=baidu|utmccn=(organic)|utmcmd=organic|utmctr=%E9%9D%92%E4%BA%91..Sec-WebSocket-Key: THo6W1/5Ut2eQr3l2a1yIw==..Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.....tf7M.r.i.2.....42190.82; __utmz=52871208.1434819876.81.4.utmcsr=qingcloud.com|utmccn=(referral)|utmcmd=referral|utmcct=/; sk=DJQOsGiNuojEvWzpxdmMBgtxeFCHZGfj; __utmc=52871208; lang=zh-cn..Connection: keep-alive......_.......1..G....V.................i/index.html..Sec-WebSocket-Key: HrZKlWaYEOzyI8/JvYcSIQ==..Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.........EX......I,. client_max_window_bits.......TQR..........ocket.......L..S..P..,P.$..!{.....pgrade: websocket....y........P..................................................................................................................................................................................................................................................................................................................................x.....Z.`Y......7..............................................................................................................................=.;...a}`iX......T......>.._y.Db.jX......7.........................................................^S....eX..............................................................................................................................................................................................................................................................k..-.l.0`Y..... +........................................................................................................................................................................................................................................................................................................................................................................................................n~..\"g.hX......................................................................................................................................................................................^..*C....U......7......................................................................................................................................................................................................n...:.....X......7................................................................................................................................................................................}......iX......7......w......r.........S...............................T`b%....`Y......7.......2..P.. .hX......|W..................................=h..hX.....@.................................................................................................P....../........P....../......._.m.#....l...}...e.|j....ks.e..[..59a0ffc4?uid=usr-sGBxjbSK&sid=bL28d86Tlwrh1GvbRP6VFJGN77wGimDf&zid=gd1 HTTP/1.1..Host: push.qingcloud.com:8000..Connection: Upgrade..Pragma: no-cache..Cache-Control: no-cache..Upgrade: websocket..Origin: https://console.qingcloud.com..Sec-WebSocket-Version: 13..User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36..Accept-Encoding: gzip, deflate, sdch..Accept-Language: zh-CN,zh;q=0.8..Cookie: sk=bL28d86Tlwrh1GvbRP6VFJGN77wGimDf; lang=zh-cn; __utma=52871208.597257020.1414820288.1433297498.1434334074.61; __utmc=52871208; __utmz=52871208.1417055879.12.2.utmcsr=baidu|utmccn=(organic)|utmcmd=organic|utmctr=%E9%9D%92%E4%BA%91..Sec-WebSocket-Key: fxYj+vKgGHCjNC7L/ZpluQ==..Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits....bA\"].Dp.........08.1432801841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)..Sec-WebSocket-Key: YgjMm3n3NSDkUGXkv+pTtw==..Sec-WebSocket-Extensions: permessage-deflate;

漏洞证明:

修复方案:

版权声明:转载请注明来源 举起手来@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-06-22 20:46

厂商回复:

已更新 openssl。之前已经整体更新过,但是遗漏了一台虚机,多谢提醒。

最新状态:

暂无