记录云计算中心日常工作关于系统运维,虚拟化云计算,数据库,网络安全等各方面问题。
大体调查下是weblogic对外提供了uddi方式的服务,而攻击者借用这一个对外公布服务进行的攻击。 关于oracle产品 uddi漏洞,看了篇文章http://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html说oracle发布了对应的更新包CPU = Critical Patch Update 更新包 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html可以根据oralce官方提供的文档,进行修复。最终我采用下面方法进行解决(如果你的应用没有使用uddiexplorer服务,你可以按照我下面方式来搞)/app/bea/weblogic92/server/lib/uddiexplorer.war,使用RAR打开后,注释掉下图的对应jsp,再进行打包,替换之前的/app/bea/weblogic92/server/lib/uddiexplorer.war发现通过http://ip:port/uddiexplorer/SearchPublicRegistries.jsp 访问页面,无法找到,报404错误。 上面方法改的是weblogic92/server/lib公共部分,改后,应该适用weblogic下面建的所有域。
                              WebLogic CVE-2017-10271漏洞修复教程     近日,腾讯云安全中心监测到近期黑客利用WebLogic反序列化漏洞(CVE-2017-3248)以及WebLogic WLS 组件漏洞(CVE-2017-10271)对企业服务器发起大范围远程攻击,已有部分客户被挖矿程序watch-smartd所利用,攻击者可利用该漏洞在WebLogic服务器/tmp/目录安装植入watch-smartd程序,在后台运行极大消耗服务器CPU和内存资源。        为避免您的业务受影响,腾讯云安全中心建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。【漏洞详情】  此次攻击者所利用的漏洞中,CVE-2017-12071是Oracle WebLogic中WLS 组件的最新的远程代码执行漏洞,官方在 2017 年 10 月份发布了该漏洞的补丁,由于没有公开细节,大量企业尚未及时安装补丁,导致被控制用户量逐渐增加,该漏洞的利用方法较为简单,攻击者只需要发送精心构造的 HTTP 请求,就可以拿到...
近期,绿盟科技应急响应团队陆续接到来自金融、运行商、互联网等多个行业客户的应急响应服务需求。在WebLogic服务器/tmp/目录发现运行中的watch-smartd程序,极大消耗服务器CPU和内存资源。同时的可能还有watch-smartd的早期版本Carbon、carbon。该挖矿程序不存在维持进程和复活的功能,但在清除该程序后不定期又会出现。watch-smartd连接的矿池地址为minergate.com、pool.minexmr.com。通过对受害主机进行监控和分析,证实攻击者正是利用WebLogic wls-wsat组件远程命令执行漏洞下载并运行挖矿程序。攻击者首先下载名为setup-watch的shell脚本,其作用是下载并运行watch-smartd挖矿程序。默认配置下的WebLogic在漏洞执行过程中不会留下任何痕迹,攻击者利用漏洞反复下载并运行挖矿程序,导致难以清除。临时防护方案根据实际环境路径,删除WebLogic程序下列war包及目录rm -f /home/WebLogic/Oracle/Middleware/wlserver_10.3/server/lib/wls-wsat.warrm -f /home/WebLogic/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServer/tmp/.internal/wls-wsat.warrm -rf /home/WebLogic/Oracle/Middleware/user_projects/domains/base_domain/servers/AdminServ...
 
0
您所在的组无权查看该日志
WebLogic 反序列化漏洞,CVE-2017-3248成功绕过之前的官方修复漏洞描述2017年1月27日,WebLogic官方发布了一个编号为CVEID: CVE-2017-3248 的漏洞,影响为Critical。之前轰动一时的反序列化漏洞,官方当时的修补措施,在本漏洞中可被绕过。此次漏洞影响WebLogic版本如下图所示:漏洞分析与验证分析之前WebLogic漏洞CVE-2015-4852的补丁,发现WebLogic采用黑名单的方式过滤危险的反序列化类,如下图所示:但是这种修复方式很被动,存在被绕过的风险,只要发现可用并且未在黑名单之外的反序列化类,那么之前的防护就会被打破,系统遭受攻击。这次发布的CVE-2017-3248 就是利用了黑名单之外的反序列化类,通过JRMP协议达到执行任意反序列化payload。(Java远程消息交换协议JRMP即Java Remote MessagingProtocol,是特定于Java技术的、用于查找和引用远程对象的协议。这是运行在Java远程方法调用RMI之下、TCP/IP之上的线路层协议。)启明星辰 ADLab 通过对本漏洞的深度分析,构造了对应的POC并测试验证成功,具体验证情况如下:测试环境:WebLogicServer 10.3.6.0.160719 ,已经打了“Patch 23094342”补丁。测试过程:使用自制漏洞利用工具对测试系统进行漏洞利用测试。第一步:...
您所在的组无权查看该日志
RHEL6下yum -y install epel-release安装了epel源,但yum makecache出错。centos下安装完EPEL源然后更新一下yum缓存如果发现这样的错误:Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again这就表明你需要更新CA证书了,那么只需要更新CA证书就可以,不过在此同时需要临时禁用epel源并更新就可以了,命令如下: yum --disablerepo=epel -y update ca-certificates 
Host to Host IPsec Tunnel With Libreswan On CentOS 7.2 This is a guide on setting up a Host to Host IPsec tunnel between two CentOS 7.2 hosts. We will be using Libreswan as the implementation of IPsec. Libreswan is available in CentOS 7.2 in the default package repositories.Before you get started you are going to need two CentOS 7.2 servers, I am using KVM virtual servers in this example, you can use either real metal or a KVM virtual server. I have not tried this on other hypervisors, but I would be interested to hear if you have success using anything other than KVM.One of my virtual servers will be hosted on Digital Ocean and the other is running on a HP Microserver in my office. The IPsec tunnel will be initiated from the virtual server running on the HP Microserver as this is behind a NAT. Essentially the local virtual server will be a road warrior in this instance.Installing and Configuring libreswanLogin to each of your virtual machines and install Libreswan, you...
How to configure an IPSec Tunnel in CentOSInstall ipsec-tools packageyum -y install ipsec-toolsConfiguring an IPSec Tunnel on CentOS is fairly straightforward.In the example, we’ll tunnel between fictitious servers with public addresses in Boston and Seattle. For Boston we’ll use ipsecbos.centoshowtos.org – 216.52.2.41 and for Seattle ipsecsea.centoshowtos.org – 141.136.108.122.Create ifcfg-ipsec1 Configuration Files and keys-ipsec1Configuration files for the IPSec tunnel live alongside your CentOS network device files in /etc/sysconfig/network-scripts/. We will also need to create a keys file keys-ipsec1 which contains the Pre-shared key (PSK) that should match on both ends to establish the tunnel.ipsecbos.centoshowtos.orgCreate an ifcfg-ipsec1 file.vi /etc/sysconfig/network-scripts/ifcfg-ipsec1The file should look like this (except your IPs will be different)DST=141.136.108.122TYPE=IPSECONBOOT=noIKE_METHOD=PSKCreate keys-ipsec1 file.vi /etc/sys...
6.3. IPsec InstallationImplementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files to aid in setup of the IPsec connection, including:/sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. For more information on setkey, refer to the setkey(8) man page./sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems. This daemon can be configured by editing the /etc/racoon/racoon.conf file. For more information about racoon, refer to the racoon(8) man page./etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including auth...
    总共199页,当前第7页 | 页数:
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12
  13. 13
  14. 14
  15. 15
  16. 16
  17. 17