tomcat8.5.39版本漏洞升级

tomcat8.5.39版本漏洞升级

tomcat版本漏洞升级

  • 通过升级tomcat服务高版本,来解决漏洞问题。
  • 在此记录一下。
  • 扫描出来的漏洞的显示概括
5.png
  • 查看当前tomcat版本
# ls /usr/local/tomcat/webapps/^C
You have mail in /var/spool/mail/root
[root@esg-dn1 app]# /usr/local/tomcat/bin/version.sh 
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/lib/jvm/java-1.8.0-openjdk.x86_64
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID:    /usr/local/tomcat/logs/catalina.pid
Server version: Apache Tomcat/8.5.39
Server built:   Mar 14 2019 11:24:26 UTC
Server number:  8.5.39.0
OS Name:        Linux
OS Version:     2.6.32-696.el6.x86_64
Architecture:   amd64
JVM Version:    1.8.0_222-b10
JVM Vendor:     Oracle Corporation
  • 当前版本是Apache Tomcat/8.5.39

  • 漏洞修复:升级到Apache Tomcat 8.5.40或更高版本

  • 升级到高版本apache-tomcat-8.5.47

# wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.47/bin/apache-tomcat-8.5.47.tar.gz
# tar -xf apache-tomcat-8.5.47.tar.gz
# netstat -untlp |grep 8080
tcp        0      0 :::8080                     :::*                        LISTEN      1262/java
# /usr/local/tomcat/bin/shutdown.sh   ##首先关闭tomcat服务
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/lib/jvm/java-1.8.0-openjdk.x86_64
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Using CATALINA_PID:    /usr/local/tomcat/logs/catalina.pid
# netstat -untlp |grep 8080
# mv /usr/local/tomcat   /usr/local/tomcat_old  ##备份tomcat的旧版本
# cp -r apache-tomcat-8.5.47 /usr/local/tomcat  ##将新版的tomcat拷贝到指定目录下
# cp -rp /usr/local/tomcat_old/conf/server.xml /usr/local/tomcat/conf/              
##将旧版本的tomcat配置文件拷贝到新版本
cp: overwrite `/usr/local/tomcat/conf/server.xml'?
# ls /usr/local/tomcat/webapps/
docs  examples  host-manager  manager  ROOT
# ls /usr/local/tomcat_old/webapps/
esgf-stats-api  esg-orp  thredds
####比较新旧版本的webapps区别,还原旧版本的信息
# cp -rp /usr/local/tomcat_old/webapps/  /usr/local/tomcat/
# rm -rf host-manager/
# rm -rf examples/
# rm -rf manager/
# rm -rf docs/
########删除项目自带的文档和示例
# /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/lib/jvm/java-1.8.0-openjdk.x86_64
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.


# netstat  -ntulp | grep 8080
tcp        0      0 :::8080                     :::*                        LISTEN      9666/java           
# ps -ef | grep 9666
root      9666     1 96 13:19 pts/164  00:00:53 /usr/lib/jvm/java-1.8.0-openjdk.x86_64/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dignore.endorsed.dirs= -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
root     10598 24249  0 13:20 pts/164  00:00:00 grep 9666

查看tomcat版本

  • 启动tomcat服务后,查看升级版本。
# /usr/local/tomcat/bin/version.sh 
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/lib/jvm/java-1.8.0-openjdk.x86_64
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.5.47
Server built:   Oct 7 2019 13:30:46 UTC
Server number:  8.5.47.0
OS Name:        Linux
OS Version:     2.6.32-696.el6.x86_64
Architecture:   amd64
JVM Version:    1.8.0_222-b10
JVM Vendor:     Oracle Corporation
You have mail in /var/spool/mail/root

  • 查看到tomcat版本显示是8.5.47,已升级成功。

你可能感兴趣的:(tomcat8.5.39版本漏洞升级)