Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to carry out the early warning of the Spring Cloud Config directory traversal vulnerability CVE-2019-3799, which may not be well understood by many people. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Spring product introduction

Spring is a hierarchical application framework for Java/Java EE/.NET. It is an open source framework of multi-tier J2EE system based on IOC and AOP. It has a good modularization and elegant implementation of MVC, and provides a unified interface for different data access technologies. In addition, the IOC used in it can easily realize the assembly of Bean, and the AOP provided is simple and easy to use, based on which Transaction Management and other functions are realized. Spring provides an easy way to develop, which avoids a large number of property files and helper classes that may cause the underlying code to become cluttered. Currently, the use of this framework is very active. Spring Data is a project module that provides underlying data access in the Spring framework, and Spring Data Commons is a common basic module.

Loophole analysis

CVE-2019-3799 vulnerability principle: because the spring-cloud-config-server module does not impose security restrictions on incoming paths, attackers can use multiple..% 252f for directory traversal to view sensitive files in other paths of the server, resulting in sensitive information disclosure.

The official fixes are as follows:

Through patch comparison, it is found that the isInvalidEncodedPath method has been added to the latest official version to judge the incoming url. If there is a%, the incoming url will be decoded by url. Prevents attackers from bypassing the detection of.. / through url encoding.

The newly added isInvalidPath method detects keywords in url and triggers warning if there is a WEB-INF,META-INF,..,../,.

Loophole recurrence

Download a vulnerable Spring Cloud Config at the following address:

Https://github.com/spring-cloud/spring-cloud-config

After starting the environment, input / test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd using the get method to read the information of the passwd file under linux.

Scope of influence

At present, according to statistics, there are more than 50, 000 Spring servers open to the Internet worldwide, of which more than 28000 are affected in China.

Currently affected Spring Cloud Config versions:

Spring Cloud Config 2.1.0 to 2.1.1

Spring Cloud Config 2.0.0 to 2.0.3

Spring Cloud Config 1.4.0 to 1.4.5

Repair suggestion

The latest official version of Spring has fixed the Spring Cloud Config directory traversal vulnerability, download address: https://github.com/spring-cloud/spring-cloud-config/releases

After reading the above, do you have any further understanding of how to conduct Spring Cloud Config directory traversal vulnerability CVE-2019-3799 early warning? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.