[CVE-2017-15709]Apache ActiveMQ Information Leak

  • A+
所属分类:javasec_cn
摘要

2017年的第二个cve问题原因:Apache ActiveMQ默认消息队列61616端口对外,61616端口使用了OpenWire协议,这个端口会暴露服务器相关信息,这些相关信息实际上是debug信息。

2017年的第二个cve


问题原因:

Apache ActiveMQ默认消息队列61616端口对外,61616端口使用了OpenWire协议,这个端口会暴露服务器相关信息,这些相关信息实际上是debug信息。

会返回应用名称,JVM,操作系统以及内核版本等信息。
[CVE-2017-15709]Apache ActiveMQ Information Leak
影响版本:

apache-activemq-5.15.0 to apache-activemq-5.15.2
apache-activemq-5.14.0 to apache-activemq-5.14.5
漏洞修复:
[CVE-2017-15709]Apache ActiveMQ Information Leak
[CVE-2017-15709]Apache ActiveMQ Information Leak
测试用例:

修复前:

@Test -    public void testClientProperties() throws Exception{ -        BrokerService service = createBrokerService(); -        try { -            ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(new URI(brokerUri)); -            ActiveMQConnection conn = (ActiveMQConnection)factory.createConnection(); -            final AtomicReference<WireFormatInfo> clientWf = new AtomicReference<WireFormatInfo>(); -            conn.addTransportListener(new DefaultTransportListener() { -                @Override -                public void onCommand(Object command) { -                    if (command instanceof WireFormatInfo) { -                        clientWf.set((WireFormatInfo)command); -                    } -                } -            }); -            conn.start(); -            if (clientWf.get() == null) { -                fail("Wire format info is null"); -            } -            assertTrue(clientWf.get().getProperties().containsKey("ProviderName")); -            assertTrue(clientWf.get().getProperties().containsKey("ProviderVersion")); -            assertTrue(clientWf.get().getProperties().containsKey("PlatformDetails")); -            assertTrue(clientWf.get().getProviderName().equals(ActiveMQConnectionMetaData.PROVIDER_NAME)); -            assertTrue(clientWf.get().getPlatformDetails().equals(ActiveMQConnectionMetaData.PLATFORM_DETAILS)); -        } finally { -            stopBroker(service); 

修复后:

+    public void testClientPropertiesWithDefaultPlatformDetails() throws Exception{ +        WireFormatInfo clientWf = testClientProperties(brokerUri); +        assertTrue(clientWf.getPlatformDetails().equals(ActiveMQConnectionMetaData.DEFAULT_PLATFORM_DETAILS)); +    } + +    @Test +    public void testClientPropertiesWithPlatformDetails() throws Exception{ +        WireFormatInfo clientWf = testClientProperties(brokerUri + "?wireFormat.includePlatformDetails=true"); +        assertTrue(clientWf.getPlatformDetails().equals(ActiveMQConnectionMetaData.PLATFORM_DETAILS)); +    } + +    private WireFormatInfo testClientProperties(String brokerUri) throws Exception { +        ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(new URI(brokerUri)); +        ActiveMQConnection conn = (ActiveMQConnection)factory.createConnection(); +        conn.start(); + +        assertTrue(connector.getConnections().size() == 1); +        final WireFormatInfo clientWf = connector.getConnections().get(0).getRemoteWireFormatInfo(); +        if (clientWf == null) { +            fail("Wire format info is null");          } + +        //verify properties that the client sends to the broker +        assertTrue(clientWf.getProperties().containsKey("ProviderName")); +        assertTrue(clientWf.getProperties().containsKey("ProviderVersion")); +        assertTrue(clientWf.getProperties().containsKey("PlatformDetails")); +        assertTrue(clientWf.getProviderName().equals(ActiveMQConnectionMetaData.PROVIDER_NAME)); + +        return clientWf;      } 

修复版本:

Apache Active MQ 5.14.6

Apache Active MQ 5.15.3

Apache Active MQ 5.16.0

官方公布的草案:

CVE-2017-15709 - Information Leak  Severity: Low  Vendor: The Apache Software Foundation  Versions Affected: Apache ActiveMQ 5.14.0 - 5.15.2  Description:  When using the OpenWire protocol it was found that certain system details (such as the OS and kernel version) are exposed as plain text.  Mitigation:  Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.14.6 or 5.15.3.     Credit:  This issue was discovered by QingTeng cloud Security of Minded Security Researcher jianan.huang 

参考信息:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15709

https://issues.apache.org/jira/browse/AMQ-6871

http://activemq.apache.org/security-advisories.html

http://activemq.apache.org/security-advisories.data/CVE-2017-15709-announcement.txt

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: