Undertow: fixing the "remote WWW service supports TRACE requests" vulnerability

  • 1 Vulnerability description and reproduction
    • 1.1 Vulnerability description
    • 1.2 Reproduction
  • 2 Fix
  • 3 Verification after the fix

1 Vulnerability description and reproduction

1.1 Vulnerability description

[Figure 1: scanner finding "remote WWW service supports TRACE requests" (image not included)]

1.2 Reproduction

Run curl -v -X TRACE IP:PORT. A 200 response means the server answers TRACE requests, i.e. the finding is real. (The session below goes through a Squid proxy, which is why the request line carries an absolute URL.)

[root@vxdfbdbgggsd ~]# curl -v -X TRACE 192.168.21.237:8081
·······(connection output above omitted)·······
> TRACE HTTP://192.168.21.237:8081/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.21.237:8081
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 OK     (status is 200 here)
< Content-Type: message/http
< Content-Length: 216
< Date: Wed, 10 May 2023 01:28:03 GMT
< X-Cache: MISS from adadavfbbbf
< Via: 1.1 adadavfbbbf(squid/4.15)
< Connection: keep-alive
< 
·······(echoed request body below omitted)·······
[root@vxdfbdbgggsd ~]#

2 Fix

When Spring Boot embeds the Undertow container, the pom contains the Undertow starter dependency:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-undertow</artifactId>
</dependency>

Add a configuration class that wraps the deployment's handler chain in Undertow's DisallowedMethodsHandler, so TRACE (and TRACK) requests are rejected with 405 before they reach the servlet:

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.handlers.DisallowedMethodsHandler;
import io.undertow.util.HttpString;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Configuration;

@Configuration
public class UndertowWebServerCustomizerConfig implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {

    @Override
    public void customize(UndertowServletWebServerFactory factory) {
        factory.addDeploymentInfoCustomizers(deploymentInfo -> {
            // Wrap the head of the handler chain so the method check runs before any other handler.
            deploymentInfo.addInitialHandlerChainWrapper(new HandlerWrapper() {

                @Override
                public HttpHandler wrap(HttpHandler handler) {
                    // Methods to reject; TRACK is the legacy IIS equivalent of TRACE.
                    HttpString[] disallowedHttpMethods = {
                            HttpString.tryFromString("TRACE"),
                            HttpString.tryFromString("TRACK")
                    };

                    // DisallowedMethodsHandler answers these methods with 405 Method Not Allowed.
                    return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
                }
            });
        });
    }

}

Restart the service and the fix is in effect.

3 Verification after the fix

Repeating the same curl command now returns 405 instead of 200:

[root@vxdfbdbgggsd ~]# curl -v -X TRACE 192.168.21.237:8081
* About to connect() to proxy 192.168.21.238 port 3128 (#0)
*   Trying 192.168.21.238...
* Connected to 192.168.21.238 (192.168.21.238) port 3128 (#0)
> TRACE HTTP://192.168.21.237:8081/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.21.237:8081
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 405 Method Not Allowed
< Content-Length: 0
< Date: Wed, 17 May 2023 10:44:33 GMT
< X-Cache: MISS from adadavfbbbf
< Via: 1.1 adadavfbbbf (squid/4.15)
< Connection: keep-alive
< 
* Connection #0 to host 192.168.21.238 left intact
[root@vxdfbdbgggsd ~]#
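The same check, scripted, as an added example that is not part of the original post: trace_status sends a TRACE request like the curl command above and returns the status code, and the two constructed local handlers stand in for the unpatched (echoing, 200) and patched (DisallowedMethodsHandler, 405) server so the check can be exercised offline.

```python
"""Probe an HTTP endpoint for TRACE support; constructed loopback servers simulate both states."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def trace_status(host: str, port: int, path: str = "/") -> int:
    """Send TRACE and return the status code: 200 means the request is echoed back, 405 means blocked."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", path, headers={"X-Probe": "trace-check"})  # constructed header value
        resp = conn.getresponse()
        resp.read()  # drain the body (message/http echo when unpatched)
        return resp.status
    finally:
        conn.close()


class EchoingHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the unpatched server: TRACE is answered by echoing the request."""
    def do_TRACE(self):
        body = (f"{self.command} {self.path} {self.request_version}\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the test output quiet
        pass


class BlockingHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the patched server: TRACE gets 405 with an empty body."""
    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass


def serve(handler) -> int:
    """Start the handler on a free loopback port in a daemon thread and return that port."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_port


if __name__ == "__main__":
    print("unpatched:", trace_status("127.0.0.1", serve(EchoingHandler)))  # 200
    print("patched:  ", trace_status("127.0.0.1", serve(BlockingHandler)))  # 405
```

Against a real host, call trace_status with its address and port; anything other than 405 (or another rejection such as 403/501) means TRACE is still being served.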
