Vulnerability summary

Defect ID: wooyun-2015-0128169

Title: 闪银 Solr unauthorized access

Vendor: 北京闪银奇异科技有限公司

Author: 路人甲

Submitted: 2015-07-22 15:07

Fixed: 2015-09-05 17:16

Disclosed: 2015-09-05 17:16

Type: improper system/service operations configuration

Severity: medium

Self-assessed rank: 8

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure timeline:

2015-07-22: details sent to the vendor, awaiting vendor handling
2015-07-22: vendor confirmed; details disclosed to the vendor only
2015-08-01: details disclosed to core white hats and experts in the relevant field
2015-08-11: details disclosed to regular white hats
2015-08-21: details disclosed to intern white hats
2015-09-05: details disclosed to the public

Brief description:

See title.

Detailed description:

The 闪银 Solr admin interface can be reached from the internet without any authentication:

http://www.wecash.net/solr/#/


(Screenshot: 1.jpg)


Reference: WooYun: 中青宝 Solr reachable from the internet (leaks database password)

Proof of vulnerability:

awt.toolkit = sun.awt.X11.XToolkit
catalina.base = /root/services/tomcat-solr
catalina.home = /root/services/tomcat-solr
catalina.useNaming = true
common.loader = ${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
file.encoding = UTF-8
file.encoding.pkg = sun.io
file.separator = /
java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
java.awt.printerjob = sun.print.PSPrinterJob
java.class.path = /root/services/tomcat-solr/bin/bootstrap.jar:/root/services/tomcat-solr/bin/tomcat-juli.jar
java.class.version = 51.0
java.endorsed.dirs = /root/services/tomcat-solr/endorsed
java.ext.dirs = /usr/local/java/jdk1.7.0_51/jre/lib/ext:/usr/java/packages/lib/ext
java.home = /usr/local/java/jdk1.7.0_51/jre
java.io.tmpdir = /root/services/tomcat-solr/temp
java.library.path = /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.naming.factory.initial = org.apache.naming.java.javaURLContextFactory
java.naming.factory.url.pkgs = org.apache.naming
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.7.0_51-b13
java.specification.name = Java Platform API Specification
java.specification.vendor = Oracle Corporation
java.specification.version = 1.7
java.util.logging.config.file = /root/services/tomcat-solr/conf/logging.properties
java.util.logging.manager = org.apache.juli.ClassLoaderLogManager
java.vendor = Oracle Corporation
java.vendor.url = http://java.oracle.com/
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
java.version = 1.7.0_51
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Oracle Corporation
java.vm.specification.version = 1.7
java.vm.vendor = Oracle Corporation
java.vm.version = 24.51-b03
line.separator = \n
org.apache.catalina.startup.ContextConfig.jarsToSkip =
org.apache.catalina.startup.TldConfig.jarsToSkip = tomcat7-websocket.jar
os.arch = amd64
os.name = Linux
os.version = 3.2.0-29-generic
package.access = sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
package.definition = sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
path.separator = :
server.loader =
shared.loader =
sun.arch.data.model = 64
sun.boot.class.path = /usr/local/java/jdk1.7.0_51/jre/lib/resources.jar:/usr/local/java/jdk1.7.0_51/jre/lib/rt.jar:/usr/local/java/jdk1.7.0_51/jre/lib/sunrsasign.jar:/usr/local/java/jdk1.7.0_51/jre/lib/jsse.jar:/usr/local/java/jdk1.7.0_51/jre/lib/jce.jar:/usr/local/java/jdk1.7.0_51/jre/lib/charsets.jar:/usr/local/java/jdk1.7.0_51/jre/lib/jfr.jar:/usr/local/java/jdk1.7.0_51/jre/classes
sun.boot.library.path = /usr/local/java/jdk1.7.0_51/jre/lib/amd64
sun.cpu.endian = little
sun.cpu.isalist =
sun.io.unicode.encoding = UnicodeLittle
sun.java.command = org.apache.catalina.startup.Bootstrap start
sun.java.launcher = SUN_STANDARD
sun.jnu.encoding = UTF-8
sun.management.compiler = HotSpot 64-Bit Tiered Compilers
sun.os.patch.level = unknown
tomcat.util.buf.StringCache.byte.enabled = true
tomcat.util.scan.DefaultJarScanner.jarsToSkip = bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,jasper.jar,jasper-el.jar,ecj-*.jar,tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,tomcat-jni.jar,tomcat-spdy.jar,tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,tomcat-jdbc.jar,tools.jar,commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,commons-math*.jar,commons-pool*.jar,jstl.jar,geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,xom-*.jar
user.country = US
user.dir = /root/services/tomcat-solr/bin
user.home = /root
user.language = en
user.name = root
user.timezone = Asia/Shanghai

Fix recommendation:

I'm just here for the gift!
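The report gives no concrete fix, so here is an added example (not from the report, the vendor, or the Solr project) of closing off the admin UI on the Tomcat 7 deployment the properties dump shows, with the webapp mounted at /solr. The role name, user name, password placeholder and allowed address range are assumptions; the elements are added to the existing files, not used as complete replacements.

```xml
<!-- Added example, not from the report. File 1: WEB-INF/web.xml of the solr webapp.
     Insert inside the existing <web-app> element. Requires HTTP Basic credentials
     for every request under /solr, which covers the admin UI and the
     /solr/admin/info/system endpoint that produced the properties listing above. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- role name is an assumption; it must match tomcat-users.xml below -->
    <role-name>solr-admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- CONFIDENTIAL makes Tomcat redirect plain HTTP to the HTTPS connector,
         so Basic credentials are not sent in clear; it needs an HTTPS connector
         configured in server.xml, otherwise drop this element -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Solr</realm-name>
</login-config>
<security-role>
  <role-name>solr-admin</role-name>
</security-role>

<!-- File 2: conf/tomcat-users.xml (default UserDatabaseRealm). Insert inside the
     existing <tomcat-users> element; user name and password are placeholders. -->
<role rolename="solr-admin"/>
<user username="solradmin" password="CHANGE-ME-long-random-password" roles="solr-admin"/>

<!-- File 3: conf/Catalina/localhost/solr.xml (per-context file for the /solr path).
     Defence in depth: even with valid credentials, only the loopback and an
     assumed internal 10.0.0.0/24 range may reach the webapp at all. In Tomcat 7
     the allow attribute is a single regular expression matched against the
     client address, with alternatives separated by "|". -->
<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|10\.0\.0\.\d+"/>
</Context>
```

The listing above also shows the JVM running as root out of /root/services/tomcat-solr (user.name, user.home, catalina.base); running Tomcat under a dedicated unprivileged account limits what an exposed admin interface can reach on the host.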

Copyright notice: please credit 路人甲@乌云 as the source when reposting.


Vulnerability response

Vendor response:

Severity: medium

Vulnerability rank: 10

Confirmed: 2015-07-22 17:15

Vendor reply:

Thank you for your attention to 闪银; we will fix the vulnerability as soon as possible.

Latest status:

None yet