-
7.0 U1c 之前的 7.0 版本
-
6.7 U3l 之前的 6.7 版本
-
6.5 U3n 之前的 6.5 版本
-
4.2之前的4.x版本
-
3.10.1.2 之前的3.x版本
@RequestMapping(
value = {"/uploadova"},
method = {RequestMethod.POST}
)
public void uploadOvaFile(@RequestParam(value = "uploadFile",required = true) CommonsMultipartFile uploadFile, HttpServletResponse response) throws Exception {
logger.info("Entering uploadOvaFile api");
int code = uploadFile.isEmpty() ? 400 : 200;
PrintWriter wr = null;
try {
if (code != 200) {
response.sendError(code, "Arguments Missing");
return;
}
wr = response.getWriter();
} catch (IOException var14) {
var14.printStackTrace();
logger.info("upload Ova Controller Ended With Error");
}
response.setStatus(code);
String returnStatus = "SUCCESS";
if (!uploadFile.isEmpty()) {
try {
logger.info("Downloading OVA file has been started");
logger.info("Size of the file received : " + uploadFile.getSize());
InputStream inputStream = uploadFile.getInputStream();
File dir = new File("/tmp/unicorn_ova_dir");
if (!dir.exists()) {
dir.mkdirs();
} else {
String[] entries = dir.list();
String[] var9 = entries;
int var10 = entries.length;
for(int var11 = 0; var11 < var10; ++var11) {
String entry = var9[var11];
File currentFile = new File(dir.getPath(), entry);
currentFile.delete();
}
logger.info("Successfully cleaned : /tmp/unicorn_ova_dir");
}
TarArchiveInputStream in = new TarArchiveInputStream(inputStream);
TarArchiveEntry entry = in.getNextTarEntry();
ArrayList result = new ArrayList();
while(entry != null) {
if (entry.isDirectory()) {
entry = in.getNextTarEntry();
} else {
File curfile = new File("/tmp/unicorn_ova_dir", entry.getName());
File parent = curfile.getParentFile();
if (!parent.exists()) {
parent.mkdirs();
}
OutputStream out = new FileOutputStream(curfile);
IOUtils.copy(in, out);
out.close();
result.add(entry.getName());
entry = in.getNextTarEntry();
}
}
in.close();
logger.info("Successfully deployed File at Location :/tmp/unicorn_ova_dir");
} catch (Exception var15) {
logger.error("Unable to upload OVA file :" + var15);
returnStatus = "FAILED";
}
}
wr.write(returnStatus);
wr.flush();
wr.close();
}
CVE-2021-21974是影响 HTML5 vSphere 客户端的中度(CVSSv3 基础 5.3)服务器端请求伪造漏洞。访问受影响系统的端口 443 的攻击者可以利用此弱点访问基础系统信息。
VMware已为临时缓解提供了步骤(https://kb.vmware.com/s/article/82374),其中包括禁用插件。
Rapid7实验室尚未检测到来自互联网的VMware vCenter服务器的无差别扫描,但Bad Packets(https://twitter.com/bad_packets/status/1364661586070102016?s=20)已检测到了恶意事件。我们将持续关注这个事件,并更新此文章!
本文始发于微信公众号(Rapid7):VMware vCenter Server CVE-2021-21972远程代码执行漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论