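Vulnerability "Apache Zookeeper Authorization Issue Vulnerability (CVE-2019-0201)" Details
The details of the scanned vulnerability are as follows:
Contents
1. Vulnerability details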
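Vulnerability name: Apache Zookeeper Authorization Issue Vulnerability (CVE-2019-0201)
Date found in the CVE vulnerability database: 2019-05-23
CVSS score: 5.9
Vulnerability description: Apache Zookeeper is a software project of the Apache Software Foundation (USA). It provides open-source distributed configuration, synchronization and naming registry services for large-scale distributed computing. An authorization issue vulnerability exists in Apache ZooKeeper versions 1.0.0 through 3.4.13 and versions 3.5.0-alpha through 3.5.4-beta. The vulnerability stems from missing authentication measures, or insufficient authentication strength, in the network system or product.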
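Solution:
Vendor patch: The vendor has released an upgrade patch that fixes the vulnerability. Patch link: /security.html#CVE-2019-0201
Resolution:
Authorize access only from within the cluster.
After entering zk with zkCli.sh, run the following commands: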
setAcl / ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /zookeeper ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /cluster ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /controller_epoch ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /controller ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /brokers ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /feature ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /admin ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /isr_change_notification ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /consumers ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /log_dir_event_notification ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /latest_producer_id_block ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
setAcl /config ip:192.168.0.13:cdrwa,ip:192.168.0.14:cdrwa,ip:192.168.0.15:cdrwa,ip:127.0.0.1:cdrwa
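
Each setAcl command above changes only the znode named on that line, because ZooKeeper ACLs are not inherited by child znodes. The Python check below is an added example, not part of the original page: it parses getAcl output (assumed to be the two-line 'scheme,'id / : perms form that zkCli.sh prints) and reports every znode whose ACL differs from the allowlist used above. The sample output and the function names are constructed for illustration.

```python
# Added example: audit zkCli.sh getAcl output against the page's allowlist.
ALLOWED_IPS = {"192.168.0.13", "192.168.0.14", "192.168.0.15", "127.0.0.1"}
EXPECTED_PERMS = set("cdrwa")

def parse_getacl(output):
    """Parse getAcl output ('scheme,'id then ': perms') into tuples."""
    entries, pending = [], None
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("'") and ",'" in line:
            pending = tuple(line[1:].split(",'", 1))
        elif line.startswith(":") and pending:
            entries.append((pending[0], pending[1], line[1:].strip()))
            pending = None
    return entries

def audit_znode(path, output):
    """Return findings for one znode; an empty list means it matches."""
    entries = parse_getacl(output)
    if not entries:
        return [f"{path}: no ACL entries parsed"]
    findings, seen = [], set()
    for scheme, ident, perms in entries:
        if scheme != "ip":
            findings.append(f"{path}: non-ip entry {scheme}:{ident}:{perms}")
        elif ident not in ALLOWED_IPS:
            findings.append(f"{path}: unexpected address {ident}")
        elif set(perms) != EXPECTED_PERMS:
            findings.append(f"{path}: {ident} has '{perms}', expected cdrwa")
        else:
            seen.add(ident)
    findings += [f"{path}: missing ip:{ip}" for ip in sorted(ALLOWED_IPS - seen)]
    return findings

# Constructed sample output (not captured from a real cluster).
HARDENED = "\n".join(f"'ip,'{ip}\n: cdrwa" for ip in sorted(ALLOWED_IPS))
SAMPLE = {
    "/brokers": HARDENED,
    "/brokers/ids": "'world,'anyone\n: cdrwa",          # child never re-ACLed
    "/config": HARDENED + "\n'ip,'10.0.0.99\n: cdrwa",  # stray extra host
}

def audit_all(samples):
    """Audit every path in a {path: getAcl output} mapping."""
    return {p: audit_znode(p, out) for p, out in samples.items()}

if __name__ == "__main__":
    for path, findings in audit_all(SAMPLE).items():
        print(path, "OK" if not findings else findings)
```

In the sample, /brokers/ids stands for a child znode that still carries the default world:anyone ACL after its parent /brokers was restricted.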
