
How to reproduce the Apache Tomcat remote code execution vulnerability CVE-2019-0232

2025-01-19 Update. From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article walks through reproducing the Apache Tomcat remote code execution vulnerability CVE-2019-0232, which many people may not understand well. To make it easier to follow, the editor has summarized the following content.

Brief introduction of the vulnerability:

On April 10, 2019, Apache Tomcat disclosed a vulnerability numbered CVE-2019-0232. It exists in the CGI Servlet when the enableCmdLineArguments option is enabled, and is related to a bug in the way the JRE passes parameters to Windows. Successful exploitation could allow a remote attacker to execute arbitrary commands on the targeted server, resulting in full control of the server. Because Apache Tomcat is so widely deployed, large-scale exploitation of the vulnerability would have severe consequences.

Threat type: Remote code execution, privilege escalation

Threat level: High

Vulnerability number: CVE-2019-0232

Affected systems and application versions:

Apache Tomcat 9.0.0.M1 to 9.0.17

Apache Tomcat 8.5.0 to 8.5.39

Apache Tomcat 7.0.0 to 7.0.93

Vulnerability reproduction

1. Build the environment

VMware virtual machine, Windows 7

JDK 1.8.0_73

Apache Tomcat 9.0.13

2. Reproduction steps

First install the JDK (I use jdk_1.8.0_241 here) and then configure the environment variables.

Download the Tomcat installation package for the matching version.

Download the JDK and prepare to configure the environment.

1. Install the JDK and choose any directory. If there are no special requirements, the default location is fine.

2. Install the JRE: click Change and make the part of the path before \java the same as the JDK installation directory.

3. After the JDK is installed, configure the environment variables: Computer → Properties → Advanced system settings → Advanced → Environment Variables.

4. Under System variables, create a new JAVA_HOME variable.

Set the variable value to the JDK installation directory.

My path is C:\Program Files\Java\jdk1.8.0_241

5. Under System variables, find the Path variable and click Edit.

Append %JAVA_HOME%\bin;%JAVA_HOME%\jre\bin to the end of the variable value.

6. Under System variables, create a new CLASSPATH variable.

Set the variable value to .;%JAVA_HOME%\lib;%JAVA_HOME%\lib\tools.jar

7. Verify that the configuration works. If running java -version in cmd shows the version information, the installation and configuration succeeded.

8. Download Tomcat from the above URL. After downloading the installation package, go to the bin directory and run startup.bat to start Tomcat.

9. Visit http://localhost:8080

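10. Modify the configuration files

First modify apache-tomcat-9.0.13\conf\web.xml

(1) Remove the comment markers here and add the following code:

    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>executable</param-name>
      <param-value></param-value>
    </init-param>

(2) Remove the comment markers here as well.

11. Then edit apache-tomcat-9.0.13\conf\context.xml

Add the privileged="true" attribute to the Context element.

The environment is now set up!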

12. Create a new cgi-bin folder under the apache-tomcat-9.0.13\webapps\ROOT\WEB-INF directory.

Create a .bat file inside the folder.

Write the following into the .bat file:

    @echo off
    echo Content-Type: text/plain
    echo.
    set foo=&~1
    %foo%

13. Access the .bat file under cgi-bin directly from the browser (by default the .bat file is downloaded).

14. Append the system command at the end:

This command is to call up the computer

The vulnerability was reproduced successfully!

2. Remediation recommendations

Disable the enableCmdLineArguments parameter.

Override the default in conf/web.xml with stricter parameter validation rules.

Upgrade Tomcat to version 9.0.17 or later.
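An added example (not from the original article or the Tomcat project): a Python check that parses conf/web.xml, reports whether the CGI servlet is active with enableCmdLineArguments set to true, and combines that with the affected version ranges listed in this article. The function names and the sample XML are constructed for illustration; a missing enableCmdLineArguments entry is reported as None because the effective default depends on the Tomcat version.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in this article (inclusive bounds).
AFFECTED = [((9, 0, 0), (9, 0, 17)), ((8, 5, 0), (8, 5, 39)), ((7, 0, 0), (7, 0, 93))]
CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"

def is_affected(version):  # accepts '9.0.13' or '9.0.0.M1'; compares the numeric triple
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    v = tuple(map(int, m.groups()))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def audit_web_xml(xml_text):
    # Commented-out blocks are invisible to the parser, so only active config counts.
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
    res = {"cgi_defined": False, "cgi_mapped": False, "cmdline_args": None}
    names = set()
    for servlet in root.iter("servlet"):
        if (servlet.findtext("servlet-class") or "").strip() != CGI_CLASS:
            continue
        res["cgi_defined"] = True
        names.add((servlet.findtext("servlet-name") or "").strip())
        for p in servlet.findall("init-param"):
            if (p.findtext("param-name") or "").strip() == "enableCmdLineArguments":
                res["cmdline_args"] = (p.findtext("param-value") or "").strip()
    for mapping in root.iter("servlet-mapping"):
        if (mapping.findtext("servlet-name") or "").strip() in names:
            res["cgi_mapped"] = True
    return res

def exposed(version, xml_text):
    r = audit_web_xml(xml_text)
    return (is_affected(version) and r["cgi_defined"] and r["cgi_mapped"]
            and (r["cmdline_args"] or "").lower() == "true")

# Constructed sample mirroring the article's step 10 (not a real server's file).
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet>
<servlet-name>cgi</servlet-name><servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
<init-param><param-name>enableCmdLineArguments</param-name><param-value>true</param-value></init-param>
</servlet><servlet-mapping><servlet-name>cgi</servlet-name><url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping></web-app>"""

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE), exposed("9.0.13", SAMPLE))
```

To audit a real installation, pass the contents of its conf/web.xml and its Tomcat version string to exposed().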
