Source: Shulou (Shulou.com), 05/31; updated 2025-01-19
This article walks through reproducing the Apache Tomcat remote code execution vulnerability CVE-2019-0232, which many people may not understand well. The steps are summarized below.
Vulnerability overview:
On April 10, 2019, Apache Tomcat disclosed a vulnerability numbered CVE-2019-0232. It exists in the CGI Servlet when the enableCmdLineArguments option is enabled, and stems from a bug in how the JRE passes command-line arguments to Windows. Successful exploitation could allow a remote attacker to execute arbitrary commands on the targeted server, resulting in full control of the server. Because Apache Tomcat is so widely deployed, large-scale exploitation of the vulnerability would have severe consequences.
Threat type: Remote code execution, privilege escalation
Threat level: High
Vulnerability number: CVE-2019-0232
Affected systems and application versions:
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
Vulnerability reproduction:
1. Build the environment
VMware virtual machine running Windows 7
JDK 1.8.0_73
Apache Tomcat 9.0.13
2. Reproduction steps
First install the JDK (I use jdk_1.8.0_241 here) and then configure the environment variables.
Download the Tomcat installation package for the version listed above.
Download the JDK and prepare to configure the environment.
1. Install the JDK and choose any directory. If you have no special requirements, the default location is fine.
2. Install the JRE: click Change and make the directory in front of \java the same as the JDK installation directory.
3. After the JDK is installed, configure the environment variables: Computer → Properties → Advanced system settings → Advanced → Environment Variables.
4. Under System variables, create a new JAVA_HOME variable.
Set the variable value to the JDK installation directory.
My path is C:\Program Files\Java\jdk1.8.0_241
5. Under System variables, find the Path variable → Edit.
Append %JAVA_HOME%\bin;%JAVA_HOME%\jre\bin to the end of the variable value.
6. Under System variables, create a new CLASSPATH variable.
Set the variable value to .;%JAVA_HOME%\lib;%JAVA_HOME%\lib\tools.jar
7. Verify the configuration: run java -version in cmd. If it prints the version information, the installation and configuration succeeded.
8. Download Tomcat from the link above. After downloading the installation package, go to the bin directory and run startup.bat to start Tomcat.
9. Visit http://localhost:8080
10. Modify the configuration files
First edit apache-tomcat-9.0.13\conf\web.xml
(1) Remove the comment markers here and add the parameters shown in the red box: enableCmdLineArguments set to true, and executable.
(2) Remove the comment markers here as well.
11. Then edit apache-tomcat-9.0.13\conf\context.xml
Add the privileged="true" attribute.
The environment has been built!
12. Create a new cgi-bin folder under the apache-tomcat-9.0.13\webapps\ROOT\WEB-INF directory.
Create a .bat file in that folder.
Write the following into the .bat file:
@echo off
echo Content-Type: test/plain
echo.
set foo=&~1
%foo%
13. Access the .bat file under cgi-bin directly in a browser (by default the .bat file is downloaded).
14. Append the system command at the end:
This command launches the calculator.
The vulnerability was reproduced successfully!
2. Remediation recommendations
Disable the enableCmdLineArguments parameter.
Override the defaults in conf/web.xml with stricter argument validation rules.
Upgrade Tomcat to version 9.0.17 or later.
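An added example, not part of the original article and not Tomcat's own code: a Python check that reports whether an installed version falls in the affected ranges listed on this page and whether conf/web.xml has an active CGI servlet with enableCmdLineArguments turned on. The function names and the sample web.xml fragment are constructed for illustration; the servlet class and init-param names are Tomcat's.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = [((9, 0, 0), (9, 0, 17)), ((8, 5, 0), (8, 5, 39)), ((7, 0, 0), (7, 0, 93))]
CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"

# Constructed sample: conf/web.xml fragment configured as in the lab setup above.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param><param-name>enableCmdLineArguments</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>executable</param-name><param-value></param-value></init-param>
  </servlet>
</web-app>"""

def version_affected(version):
    """True if a version string such as '9.0.13' falls in a range listed above."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return len(nums) == 3 and any(lo <= nums <= hi for lo, hi in AFFECTED)

def _local(el):
    """Element name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def _children(el):
    # Map each child element's local name to its stripped text.
    return {_local(c): (c.text or "").strip() for c in el}

def audit_web_xml(xml_text):
    """Return (servlet-name, state) for each active (not commented-out) CGIServlet.
    state: 'enabled', 'disabled', or 'unset' (version default applies; review by hand)."""
    findings = []
    for servlet in ET.fromstring(xml_text).iter():
        fields = _children(servlet)
        if _local(servlet) != "servlet" or fields.get("servlet-class") != CGI_CLASS:
            continue
        params = {}
        for ip in servlet:
            if _local(ip) == "init-param":
                kv = _children(ip)
                params[kv.get("param-name")] = kv.get("param-value", "")
        value = params.get("enableCmdLineArguments")
        state = "unset" if value is None else "enabled" if value.lower() == "true" else "disabled"
        findings.append((fields.get("servlet-name"), state))
    return findings

if __name__ == "__main__":
    print(version_affected("9.0.13"), audit_web_xml(SAMPLE_WEB_XML))
```

To audit a real installation, pass the contents of conf/web.xml to audit_web_xml; a servlet definition that is still commented out produces no finding because the XML parser discards comments.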