{"id":93542,"date":"2018-10-19T01:55:30","date_gmt":"2018-10-19T08:55:30","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=93542"},"modified":"2018-10-16T21:53:16","modified_gmt":"2018-10-17T04:53:16","slug":"unit42-threat-brief-information-on-critical-apache-struts-vulnerability-cve-2018-11776","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2018\/10\/unit42-threat-brief-information-on-critical-apache-struts-vulnerability-cve-2018-11776\/?lang=zh-hant","title":{"rendered":"\u5a01\u8105\u7c21\u5831\uff1a\u6709\u95dc\u91cd\u8981 Apache Struts \u5f31\u9ede CVE-2018-11776 \u7684\u8cc7\u8a0a"},"content":{"rendered":"<p><strong>\u60c5\u6cc1\u6982\u8ff0<\/strong><\/p>\n<p>2018 \u5e74 8 \u6708 22 \u65e5\uff0cApache Foundation <u><a href=\"https:\/\/cwiki.apache.org\/confluence\/display\/WW\/S2-057\" rel=\"nofollow,noopener\" >\u767c\u4f48<\/a><\/u>\u91cd\u8981\u7684\u5b89\u5168\u66f4\u65b0 <u><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-11776\" rel=\"nofollow,noopener\" >CVE-2018-1176<\/a><\/u>\uff0c\u9019\u662f\u6703\u5f71\u97ff Apache Struts 2.3 \u81f3 2.3.34 \u7248\u548c 2.5 \u81f3 2.5.16 \u7248\u7684\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u5f31\u9ede\u3002Apache Foundation \u5df2\u6566\u4fc3\u5404\u65b9\u76e1\u5feb\u5957\u7528\u5b89\u5168\u66f4\u65b0\u3002<\/p>\n<p>\u9019\u500b\u90e8\u843d\u683c\u63d0\u4f9b\u76f8\u95dc\u8cc7\u8a0a\u4ee5\u5229\u7d44\u7e54\u8a55\u4f30\u5176\u5f31\u9ede\u98a8\u96aa\uff0c\u4e26\u5411 Palo Alto Networks \u5ba2\u6236\u63d0\u4f9b\u9632\u8b77\u63aa\u65bd\uff0c\u6709\u52a9\u65bc\u5728\u5957\u7528\u5b89\u5168\u66f4\u65b0\u4e4b\u524d\u964d\u4f4e\u98a8\u96aa\u3002Palo Alto Networks \u5ba2\u6236\u53ea\u9700\u90e8\u7f72 2018 \u5e74 8 \u6708 24 \u65e5\u767c\u4f48\u7684\u6700\u65b0\u5f31\u9ede\u7279\u5fb5\u78bc\uff0c\u5373\u53ef\u7372\u5f97\u5145\u5206\u7684\u4fdd\u8b77\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\u5f31\u9ede\u8cc7\u8a0a<\/strong><\/p>\n<p>Apache Foundation \u548c\u5b89\u5168\u7814\u7a76\u4eba\u54e1 <u><a href=\"https:\/\/semmle.com\/news\/apache-struts-CVE-2018-11776#was-i-vulnerable\" rel=\"nofollow,noopener\" >Man Yue Mo<\/a><\/u> \u6307\u51fa\uff0c\u4f3a\u670d\u5668\u57f7\u884c\u5177\u6709\u5f31\u9ede\u7684 Apache Struts \u7248\u672c\u6642\uff0c\u6b64\u5f31\u9ede\u53ef\u4ee5\u5728\u8a72\u4f3a\u670d\u5668\u4e0a\u555f\u7528\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u3002\u653b\u64ca\u65b9\u6cd5\u662f\u900f\u904e\u5411\u5177\u6709\u5f31\u9ede\u7684\u7cfb\u7d71\u767c\u9001\u7279\u88fd\u7684 URL\u3002\u5728\u5927\u591a\u6578\u60c5\u6cc1\u4e0b\uff0c\u9019\u8868\u793a\u7121\u9700\u9a57\u8b49\u5373\u53ef\u5165\u4fb5\u6b64\u5f31\u9ede\u3002<\/p>\n<p>\u653b\u64ca\u5f97\u901e\u5f8c\u5373\u53ef\u5728 Struts \u4f7f\u7528\u7684\u5b89\u5168\u8108\u7d61\u4e2d\u57f7\u884c\u7a0b\u5f0f\u78bc\u3002\u5728\u67d0\u4e9b\u60c5\u6cc1\u4e0b\uff0c\u9019\u53ef\u80fd\u6703\u5c0e\u81f4\u7cfb\u7d71\u906d\u5230\u5b8c\u5168\u5165\u4fb5\u3002<\/p>\n<p>\u4f46\u662f\uff0c\u5fc5\u9808\u6ce8\u610f\uff0c\u5728\u9810\u8a2d\u8a2d\u5b9a\u4e0b\u7121\u6cd5\u5165\u4fb5\u6b64\u5f31\u9ede\u3002\u82e5\u8981\u6210\u529f\u653b\u64ca\u7cfb\u7d71\uff0c\u5fc5\u9808\u6eff\u8db3\u4e0b\u5217\u5169\u9805\u689d\u4ef6\uff1a<\/p>\n<ol>\n<li><a href=\"https:\/\/stackoverflow.com\/questions\/17690956\/how-to-prevent-the-wildcard-namespace-in-struts#17697478\" rel=\"nofollow,noopener\" >alwaysSelectFullNamespace<\/a> \u65d7\u6a19\u5728 Struts \u8a2d\u5b9a\u4e2d\u8a2d\u70ba\u300ctrue\u300d\u3002(\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u7684\u61c9\u7528\u7a0b\u5f0f\u4f7f\u7528\u5e38\u7528\u7684 <u><a href=\"https:\/\/struts.apache.org\/plugins\/convention\/\" rel=\"nofollow,noopener\" >Struts Convention \u5916\u639b\u7a0b\u5f0f<\/a><\/u>\uff0c\u5247\u5916\u639b\u7a0b\u5f0f\u9810\u8a2d\u6703\u5c07\u6b64\u65d7\u6a19\u8a2d\u5b9a\u70ba\u300ctrue\u300d)\u3002<\/li>\n<li>Struts \u61c9\u7528\u7a0b\u5f0f\u6703\u4f7f\u7528\u672a\u6307\u5b9a\u547d\u540d\u7a7a\u9593\u800c\u8a2d\u5b9a\u7684\u300c\u52d5\u4f5c\u300d\uff0c\u6216\u4f7f\u7528\u842c\u7528\u5b57\u5143\u547d\u540d\u7a7a\u9593\u8a2d\u5b9a\u7684\u300c\u52d5\u4f5c\u300d\u3002\u6b64\u689d\u4ef6\u9069\u7528\u65bc Struts \u8a2d\u5b9a\u6a94\u6848\u4e2d\u6307\u5b9a\u7684\u52d5\u4f5c\u548c\u547d\u540d\u7a7a\u9593\u3002\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u7684\u61c9\u7528\u7a0b\u5f0f\u4f7f\u7528\u5e38\u898b\u7684 Struts Convention \u5916\u639b\u7a0b\u5f0f\uff0c\u6b64\u689d\u4ef6\u4e5f\u9069\u7528\u65bc Java \u7a0b\u5f0f\u78bc\u4e2d\u6307\u5b9a\u7684\u52d5\u4f5c\u548c\u547d\u540d\u7a7a\u9593\u3002<\/li>\n<\/ol>\n<p>\u5982\u679c\u60a8\u7684 Struts \u61c9\u7528\u7a0b\u5f0f\u4e0d\u6eff\u8db3\u9019\u5169\u9805\u689d\u4ef6\uff0c\u60a8\u7684\u61c9\u7528\u7a0b\u5f0f\u53ef\u80fd\u4ecd\u7136\u5b58\u5728\u5f31\u9ede\uff0c\u4f46\u662f\u76ee\u524d\u4e0d\u6703\u906d\u53d7 CVE-2018-11776 \u7684\u5165\u4fb5\u3002<\/p>\n<p>\u5c24\u5176\u662f\uff0c\u5982\u679c\u60a8\u7684\u61c9\u7528\u7a0b\u5f0f\u4f7f\u7528\u5e38\u898b\u7684 Struts Convention \u5916\u639b\u7a0b\u5f0f\uff0c\u5247\u76f8\u8f03\u65bc\u4e0d\u4f7f\u7528\u8a72\u5916\u639b\u7a0b\u5f0f\u7684\u5176\u4ed6 Struts \u5be6\u4f5c\u6848\u4f8b\uff0c\u9019\u4f3c\u4e4e\u53ef\u80fd\u6703\u63d0\u9ad8\u906d\u5230\u5165\u4fb5\u7684\u98a8\u96aa\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\u5a01\u8105\u74b0\u5883\u8cc7\u8a0a<\/strong><\/p>\n<p>\u8a72\u5f31\u9ede\u65bc 8 \u6708 22 \u65e5\u8207\u89e3\u6c7a\u8a72\u5f31\u9ede\u7684\u5b89\u5168\u66f4\u65b0\u4e00\u8d77\u62ab\u9732\u3002\u5176\u4e2d\u8a73\u7d30\u89e3\u8aaa\u6b64\u5f31\u9ede\u53ca\u5176\u76ee\u524d\u7684\u5165\u4fb5\u65b9\u5f0f\u3002\u53e6\u5916\u4e5f\u63d0\u4f9b\u89c0\u5ff5\u9a57\u8b49 (PoC) \u7a0b\u5f0f\u78bc\u3002\u5982\u4e0a\u6240\u8ff0\uff0cPoC \u50c5\u9069\u7528\u65bc\u5177\u6709\u5f31\u9ede\u4e14\u6eff\u8db3\u53ef\u5165\u4fb5\u689d\u4ef6\u7684\u7cfb\u7d71\u3002<\/p>\n<p>\u6709\u4e9b\u4eba\u6ce8\u610f\u5230\uff0c\u53bb\u5e74\u5728\u4e00\u500b\u5b89\u5168\u66f4\u65b0\u548c\u5f31\u9ede\u8cc7\u8a0a\u767c\u4f48\u50c5\u4e09\u5929\u5f8c\uff0c\u4e00\u500b\u91cd\u5927\u7684 Struts \u5f31\u9ede\u5373\u906d\u5230\u4e3b\u52d5\u653b\u64ca\u3002<\/p>\n<p>\u76ee\u524d\u6c92\u6709\u5df2\u77e5\u7684\u4e3b\u52d5\u653b\u64ca\uff0c\u800c\u4e14\u5fc5\u9808\u8981\u6eff\u8db3\u5169\u500b\u975e\u9810\u8a2d\u689d\u4ef6\u624d\u80fd\u5165\u4fb5\u6b64\u5f31\u9ede\uff0c\u56e0\u6b64\u6211\u5011\u6240\u9762\u81e8\u7684\u5a01\u8105\u74b0\u5883\u8207\u6b64\u4e0d\u540c\u3002<\/p>\n<p>\u4f46\u662f\uff0c\u5229\u7528\u73fe\u6709\u7684 PoC\uff0c\u900f\u904e\u6709\u9650\u7684\u89c0\u5bdf\u548c\u5206\u6790\uff0c\u6211\u5011\u8a8d\u70ba\u5728\u77ed\u671f\u5167\u4ecd\u53ef\u80fd\u6703\u51fa\u73fe\u5c0d\u65bc\u6b64\u5f31\u9ede\u7684\u5165\u4fb5\u3002<\/p>\n<p>\u7d44\u7e54\u61c9\u8a72\u5c0d\u65bc\u53ef\u80fd\u767c\u751f\u7684\u653b\u64ca\u9032\u884c\u98a8\u96aa\u8a55\u4f30\uff0c\u76f4\u5230\u80fd\u5920\u4fee\u88dc\u9019\u56db\u500b\u65b9\u9762\u70ba\u6b62\uff1a<\/p>\n<ol>\n<li>\u60a8\u662f\u5426\u5728\u4f7f\u7528 Struts Convention \u5916\u639b\u7a0b\u5f0f\uff1f<\/li>\n<li>\u5b83\u5011\u662f\u5426\u6eff\u8db3\u5165\u4fb5\u6240\u9700\u7684\u5169\u9805\u689d\u4ef6\uff1f<\/li>\n<li>\u76ee\u524d\u7684 PoC \u662f\u5426\u6709\u88ab\u6b66\u5668\u5316\u6216\u7528\u65bc\u653b\u64ca\u7684\u8de1\u8c61\uff1f<\/li>\n<li>\u65b0\u7684 PoC \u6216\u653b\u64ca\u7684\u767c\u5c55\u662f\u5426\u4f7f\u5f97\u5165\u4fb5\u6240\u9700\u7684\u5169\u9805\u689d\u4ef6\u8b8a\u6210\u975e\u5fc5\u8981\uff1f<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><strong>\u70ba Palo Alto Networks \u5ba2\u6236\u63d0\u4f9b\u7684\u6307\u5c0e\u548c\u9632\u8b77\u5efa\u8b70<\/strong><\/p>\n<p>\u57f7\u884c\u5177\u6709\u5f31\u9ede\u7684 Apache Struts \u7248\u672c\u7684\u6240\u6709\u7d44\u7e54\u90fd\u61c9\u76e1\u5feb\u90e8\u7f72\u5b89\u5168\u66f4\u65b0\u3002<\/p>\n<p>\u7d44\u7e54\u53ef\u4ee5\u800c\u4e14\u61c9\u8a72\u6839\u64da\u5b89\u5168\u653f\u7b56\u548c\u98a8\u96aa\u8a55\u4f30\u4ee5\u53ca\u76ee\u524d\u53ef\u7528\u7684\u8cc7\u8a0a\uff0c\u512a\u5148\u5b89\u6392\u548c\u90e8\u7f72\u5b89\u5168\u66f4\u65b0\u3002<\/p>\n<p>\u5df2\u5728 2018 \u5e74 8 \u6708 24 \u65e5\u767c\u4f48\u7684\u5167\u5bb9\u767c\u884c\u7248\u672c 8057 (\u5176\u4e2d\u5305\u62ec ID 33948 \u540d\u7a31\uff1aApache Struts 2 Remote Code Execution Vulnerability) \u4e2d\u90e8\u7f72\u5f31\u9ede\u7279\u5fb5\u78bc\u7684 Palo Alto Networks \u5ba2\u6236\uff0c\u5c07\u6703\u5f97\u5230\u4fdd\u8b77\uff0c\u6709\u6548\u9632\u79a6\u76ee\u524d\u5df2\u77e5\u91dd\u5c0d\u8a72\u5f31\u9ede\u767c\u52d5\u7684\u5165\u4fb5\u3002<\/p>\n<p>\u6211\u5011\u7684\u5ba2\u6236\u4ecd\u61c9\u6309\u7167\u4e0a\u8ff0\u5efa\u8b70\u90e8\u7f72\u5b89\u5168\u66f4\u65b0\uff0c\u4f46\u662f\u53ef\u4ee5\u800c\u4e14\u61c9\u8a72\u7acb\u5373\u90e8\u7f72\u6700\u65b0\u7684\u5f31\u9ede\u7279\u5fb5\u78bc\uff0c\u4ee5\u7372\u5f97\u66f4\u5b8c\u5584\u7684\u4fdd\u8b77\u3002\u7531\u65bc\u6709\u9019\u7a2e\u66f4\u5b8c\u5584\u7684\u4fdd\u8b77\u53ef\u4f9b\u63a1\u7528\uff0c\u6211\u5011\u7684\u5ba2\u6236\u5728\u9032\u884c\u6709\u95dc\u5b89\u5168\u548c\u5b89\u5168\u66f4\u65b0\u90e8\u7f72\u7684\u6c7a\u7b56\uff0c\u4ee5\u53ca\u5c0d\u5f31\u9ede\u548c\u5a01\u8105\u74b0\u5883\u9032\u884c\u98a8\u96aa\u8a55\u4f30\u6642\uff0c\u53ef\u4ee5\u800c\u4e14\u61c9\u8a72\u5c0d\u6b64\u9032\u884c\u8003\u616e\u3002<\/p>\n<p>\u4e00\u5982\u5f80\u5e38\uff0c\u6211\u5011\u6b63\u5bc6\u5207\u76e3\u63a7\u60c5\u52e2\uff0c\u5982\u679c\u66f4\u591a\u8a73\u7d30\u8cc7\u8a0a\u5c07\u6703\u5373\u523b\u70ba\u60a8\u5949\u4e0a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u60c5\u6cc1\u6982\u8ff0 2018 \u5e74 8 \u6708 22 \u65e5\uff0cApache Foundation \u767c\u4f48\u91cd\u8981\u7684\u5b89\u5168\u66f4\u65b0 CVE-2018-1176\uff0c\u9019\u662f\u6703\u5f71\u97ff Apache Struts 2.3 \u81f3 2.3.34 \u7248\u548c 2.5 \u81f3 2.5.16 \u7248\u7684\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u5f31\u9ede\u3002Apache Foundation \u5df2\u6566\u4fc3\u5404\u65b9\u76e1\u5feb\u5957\u7528\u5b89\u5168\u66f4\u65b0\u3002 \u9019\u500b\u90e8\u843d\u683c\u63d0\u4f9b\u76f8\u95dc\u8cc7\u8a0a\u4ee5\u5229\u7d44\u7e54\u8a55\u4f30\u5176\u5f31\u9ede\u98a8\u96aa\uff0c\u4e26\u5411 Palo Alto Networks \u5ba2\u6236\u63d0\u4f9b\u9632\u8b77\u63aa\u65bd\uff0c\u6709\u52a9\u65bc\u5728\u5957\u7528\u5b89\u5168\u66f4\u65b0\u4e4b\u524d\u964d\u4f4e\u98a8\u96aa\u3002Palo Alto Networks \u5ba2\u6236\u53ea\u9700\u90e8\u7f72 2018 \u5e74 &hellip;<\/p>\n","protected":false},"author":287,"featured_media":72302,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3543],"tags":[],"coauthors":[3069],"class_list":["post-93542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-3543"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2018\/04\/unit42-blog-600x300.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/93542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/287"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=93542"}],"version-history":[{"count":2,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/93542\/revisions"}],"predecessor-version":[{"id":93557,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/93542\/revisions\/93557"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/72302"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=93542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=93542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=93542"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=93542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}