Apache Tomcat vulnerability allows substitution of JSP code and retrieval of web application files

Researchers from the Chinese company Chaitin Tech have identified a vulnerability (CVE-2020-1938) in Apache Tomcat, the open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. The vulnerability has been given the codename Ghostcat and a critical severity rating (CVSS 9.8). In the default configuration, the problem allows anyone who can send a request to network port 8009 to read the contents of any file in the web application directory, including files containing settings and the application's source code.

The vulnerability also makes it possible to include other files in the application code, which leads to code execution on the server if the application allows files to be uploaded to the server (for example, an attacker could upload a JSP script disguised as an image through an image upload form). The attack can be carried out whenever it is possible to send a request to a network port with an AJP handler. According to preliminary data, more than 1.2 million hosts accepting requests over the AJP protocol were found online.

The vulnerability lies in the AJP protocol itself and is not caused by an implementation error. In addition to accepting HTTP connections (port 8080), Apache Tomcat by default allows access to the web application via the AJP protocol (Apache JServ Protocol, port 8009), a binary analogue of HTTP optimized for higher performance, typically used when building a cluster of Tomcat servers or to speed up the interaction between Tomcat and a reverse proxy or load balancer.

AJP provides a standard facility for accessing files on the server, which can be used to obtain files that were never meant to be disclosed. AJP is assumed to be reachable only from trusted servers, but in practice the default Tomcat configuration ran the handler on all network interfaces and accepted requests without any authentication. Any file of the web application can be accessed, including the contents of WEB-INF, META-INF and any other directory returned by a ServletContext.getResourceAsStream() call. AJP also allows any file in a directory accessible to the web application to be processed as a JSP script.

The problem has been present since the Tomcat 13.x branch was released 6 years ago. Besides Tomcat itself, the problem affects products that use it, such as Red Hat JBoss Web Server (JWS), JBoss Enterprise Application Platform (EAP), and self-contained web applications built on Spring Boot. A similar vulnerability (CVE-2020-1745) is present in the Undertow web server used in the Wildfly application server. In JBoss and Wildfly, AJP is enabled by default only in the standalone-full-ha.xml and standalone-ha.xml profiles and in the ha/full-ha profiles of domain.xml. In Spring Boot, AJP support is disabled. Various teams have by now published more than a dozen working exploit examples (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11).

The vulnerability is fixed in the Tomcat 9.0.31, 8.5.51 and 7.0.100 releases (maintenance of the 6.x branch has been discontinued). Updates to distribution packages can be tracked on these pages: Debian, Ubuntu, RHEL, Fedora, SUSE, FreeBSD. As a workaround, you can disable the Tomcat AJP Connector service if it is not needed (bind its listening socket to localhost, or comment out the line with Connector port="8009"), or require authenticated access via the "secret" and "address" attributes if the service is used to communicate with other servers and with proxies based on mod_jk and mod_proxy_ajp (mod_cluster does not support authentication).
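The checks in the paragraph above (disable the AJP connector, bind it to localhost, or protect it with "secret" and "address") can be turned into a quick audit of a server.xml. The script below is an added example written for this article, not code from the Tomcat project or from opennet; the server.xml fragments it contains are constructed samples, and the audit rules, severity labels and the 10.0.0.5 address are assumptions made for the illustration.

```python
"""Audit a Tomcat server.xml for AJP connectors left in the risky default state.

Added example, not Tomcat or opennet code.  An AJP <Connector> is accepted if it
is bound to a loopback address, or if it carries both a "secret" and a specific
"address"; anything else is reported.  Connectors that have been commented out
are invisible to the XML parser, which matches the "comment out the line" advice.
"""
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding dict per AJP connector reachable without authentication."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        # Tomcat selects AJP either by the short name "AJP/1.3" or by a full
        # class name such as org.apache.coyote.ajp.AjpNioProtocol.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue
        address = conn.get("address")
        secret = conn.get("secret")
        port = conn.get("port", "unknown")
        if address in LOOPBACK:
            continue  # only local peers (e.g. a co-located mod_proxy_ajp) can reach it
        if secret and address:
            continue  # authenticated and limited to one interface
        if secret:
            findings.append({"port": port, "severity": "medium",
                             "reason": "AJP secret set but connector listens on all interfaces"})
        else:
            findings.append({"port": port, "severity": "high",
                             "reason": "AJP reachable on %s without a secret"
                                       % (address or "all interfaces")})
    return findings


# Constructed sample: the pre-fix default, AJP on 8009 with no address and no secret.
DEFAULT_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

# Constructed sample: AJP kept for a reverse proxy on the same machine, bound to loopback.
LOCAL_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"/>
  </Service>
</Server>"""

# Constructed sample: AJP for a remote mod_jk node, limited to one interface and a secret
# (the address and the secret value are placeholders, not real deployment values).
AUTH_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3" address="10.0.0.5"
               secret="replace-with-a-long-random-value"/>
  </Service>
</Server>"""

# Constructed sample: the AJP connector commented out entirely.
DISABLED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, xml_text in [("default", DEFAULT_SERVER_XML), ("local", LOCAL_SERVER_XML),
                           ("authenticated", AUTH_SERVER_XML), ("disabled", DISABLED_SERVER_XML)]:
        print(name, audit_ajp_connectors(xml_text))
```

Run it against a copy of the server.xml of each Tomcat instance; the default sample produces one high-severity finding on port 8009 while the other three produce none. Note that from 9.0.31 and 8.5.51 onward Tomcat also ships with the AJP connector requiring a secret by default, so a connector without one simply refuses to start; the audit is mainly useful for instances that have not yet been upgraded.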

Source: opennet.ru
