Shulou(Shulou.com)05/31 Report--

This article is to share with you what the solution to the vulnerability repair of apache website is, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Apache has recently exposed more and more vulnerabilities. Its solr products have a vulnerability in executing malicious code on remote servers. The main reason for this vulnerability is a port module that collects apache dataimporthandler data externally. This module supports communication from remote addresses and collects multiple data. Precisely because the remote address is open, attackers can construct malicious code to inject scripts into DIH. As a result, the back-end server executes malicious code, and this vulnerability can cause the server to be attacked and invaded. For more information about this vulnerability, we will give you an in-depth analysis by SINE security technology:

Apache, which has a wide range of vulnerabilities that is lower than solr 8.2.0, will be affected and exploited. The solr module itself supports the function of collecting and importing data from remote addresses. When users use dataimport, the handleRequestBody class will be called first, and the requested module will be reconfigured. The default code will judge the postvalue in the params.getDataConfig () parameter. If the value is empty, the configuration in dataconfig will not be loaded. The screenshot is as follows:

Then load the configuration, assign the relevant parameters of the post value, such as datasoure,document and other variables, the custom parameters in post will be automatically stored in the variable, and then return the data and save it to import the data.

This is where the attacker constructs malicious code, when dofulldump parses and converts values regularly, resulting in malicious code being executed, which can be written into a lot of java classes. Apache does not securely filter and restrict the content, so that arbitrary malicious code can be injected into its server to execute. We constructed a POC to execute the calculator, and we took a screenshot to see the effect of the use:

So how do you fix apache vulnerabilities?

First of all, please ask the operation and maintenance staff of the website server to continue to view the current version of apache solr, log in to the control panel of solr, and you can view the current version. If it is less than 8.2.0, you can upgrade the version of solr to the latest version, or you can modify the apache configuration file. The file name is solrconfig.xml, and the datainport values in the configuration file are all commented out. Turn off this data collection function, and some websites APP may use this feature, after shutting down, please check the normal function of the site, whether it has been affected, no impact can be closed.

The above is the solution to the vulnerability repair of apache website, and the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.