qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Apache-Solr-collections-fil...

128 lines
4.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Apache Solr collections file action parameter Log4j2 command execution vulnerability",
"Description": "<p>Apache Solr is an open source search service, developed using the Java language, mainly based on HTTP and Apache Lucene.</p><p>Apache Solr has Log4j2 jndi injection command execution vulnerability. Attackers can use this feature to construct special data request packets through this vulnerability, and ultimately trigger remote code execution.</p>",
"Product": "Apache Solr",
"Homepage": "https://solr.apache.org/index.html",
"DisclosureDate": "2021-12-14",
"Author": "Chin",
"FofaQuery": "app=\"APACHE-Solr\"",
"GobyQuery": "app=\"APACHE-Solr\"",
"Level": "3",
"Impact": "<p>Apache Solr has Log4j2 jndi injection command execution vulnerability. Attackers can use this feature to construct special data request packets through this vulnerability, and ultimately trigger remote code execution.</p>",
"Recommendation": "<p>1. Upgrade to log4j-2.16.0-rc1: <br></p><p>&nbsp;Download address: <a href=\"https://github.com/apache/logging-log4j2/ releases/tag/log4j-2.16.0-rc1\">https://github.com/apache/logging-log4j2/releases/tag/log4j-2.16.0-rc1</a></p><p> 2. Emergency mitigation measures:</p><p>(1) Modify the jvm parameter -Dlog4j2.formatMsgNoLookups=true</p><p>(2) Modify the configuration log4j2.formatMsgNoLookups=True</p><p>( 3) Set the system environment variable FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS to true</p>",
"References": [],
"Is0day": false,
"Translation": {
"CN": {
"Name": "Apache Solr collections 文件 action参数 Log4j2 命令执行漏洞",
"Product": "Apache Solr",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>Apache Solr是一个开源的搜索服务使用Java语言开发主要基于HTTP和Apache Lucene实现的。<br></p><p><span style=\"font-size: 16px;\"><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Apache Solr</span> 存在 Log4j2 jndi 注入命令执行漏洞,攻击者利用此特性可通过该漏洞构造特殊的数据请求包,最终触发远程代码执行。</span><br></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Apache Solr</span><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">&nbsp;存在 Log4j2 jndi 注入命令执行漏洞,攻击者利用此特性可通过该漏洞构造特殊的数据请求包,最终触发远程代码执行。</span><br></p>",
"Recommendation": "<p><span style=\"color: var(--primaryFont-color);\">1、升级至 log4j-2.16.0-rc1</span><br></p><p>&nbsp;下载地址:<a href=\"https://github.com/apache/logging-log4j2/releases/tag/log4j-2.16.0-rc1\">https://github.com/apache/logging-log4j2/releases/tag/log4j-2.16.0-rc1</a></p><p>2、紧急缓解措施</p><p>1 修改 jvm 参数 -Dlog4j2.formatMsgNoLookups=true</p><p>2 修改配置 log4j2.formatMsgNoLookups=True</p><p>3 将系统环境变量 FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS 设置 为 true</p>"
}
},
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink