In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)05/31 Report--
This article mainly explains "how to fix docker remote API loopholes". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn how to fix docker remote API vulnerabilities.
Vulnerability description
Docker is an open source application container engine, this vulnerability is to take advantage of an api interface opened by docker, because the permissions are not set properly, so that remote command execution can be made.
Test environment
A local virtual machine and a temporarily created Ali cloud server
Centos7
Docker-ce-18.09.9
Loophole recurrence
First, port 2375 is detected, and then a http:localhost:2375/version request is constructed if it is open. If the return packet is in json format, the vulnerability exists.
1. Install docker
Configure host Nic forwarding
# # if not configured, you need to execute the following $cat
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
