https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html?m=1
Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
A critical unpatched RCE vulnerability affects Atlassian Confluence Server and Data Center products that is being actively exploited in the wild.
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
Zero-Day Exploitation of Atlassian Confluence | Volexity
June 2, 2022, by Andrew Case, Sean Koessel, Steven Adair, Thomas Lancaster, Volexity Threat Research. UPDATE: On June 3, 2022, Atlassian updated its security advisory with new informati
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Confluence Security Advisory 2022-06-02 | Confluence Data Center and Server 7.18 | Atlassian Documentation
PoC code: https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis
Mitigation
For Confluence 7.15.0 - 7.18.0
If you run Confluence in a cluster, you will need to repeat this process on each node. You don't need to shut down the whole cluster to apply this mitigation.
1. Shut down Confluence.
2. Download the following 1 file to the Confluence server:
xwork-1.0.3-atlassian-10.jar
3. Delete the following JAR (or move it outside of the Confluence install directory):
<confluence-install>/confluence/WEB-INF/lib/xwork-1.0.3-atlassian-8.jar
Warning: Do not leave a copy of this old JAR in the directory.
4. Copy the downloaded xwork-1.0.3-atlassian-10.jar into <confluence-install>/confluence/WEB-INF/lib/
5. Check that the permissions and ownership on the new xwork-1.0.3-atlassian-10.jar file match the existing files in the same directory.
6. Start Confluence.
For Confluence 7.0.0 - Confluence 7.14.2
If you run Confluence in a cluster, you will need to repeat this process on each node. You don't need to shut down the whole cluster to apply this mitigation.
1. Shut down Confluence.
2. Download the following 3 files to the Confluence server:
xwork-1.0.3-atlassian-10.jar
webwork-2.1.5-atlassian-4.jar
CachedConfigurationProvider.class
3. Delete the following JARs (or move them outside of the Confluence install directory):
<confluence-install>/confluence/WEB-INF/lib/xwork-1.0.3.6.jar
<confluence-install>/confluence/WEB-INF/lib/webwork-2.1.5-atlassian-3.jar
Warning: Do not leave a copy of the old JARs in the directory.
4. Copy the downloaded xwork-1.0.3-atlassian-10.jar into <confluence-install>/confluence/WEB-INF/lib/
5. Copy the downloaded webwork-2.1.5-atlassian-4.jar into <confluence-install>/confluence/WEB-INF/lib/
6. Check that the permissions and ownership on both new files match the existing files in the same directory.
7. Change to directory <confluence-install>/confluence/WEB-INF/classes/com/atlassian/confluence/setup
8. Create a new directory called webwork
9. Copy CachedConfigurationProvider.class into <confluence-install>/confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork
10. Ensure the permissions and ownership are correct for:
<confluence-install>/confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork
<confluence-install>/confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork/CachedConfigurationProvider.class
11. Start Confluence.
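A file-state check for the two workaround procedures above (Confluence 7.15.0 - 7.18.0 and 7.0.0 - 7.14.2), added here as an example and not part of the Atlassian advisory or the original post. The function name and the range labels `7.15-7.18` and `7.0-7.14` are hypothetical; the file names and paths are the ones listed in the steps.

```shell
#!/usr/bin/env bash
# Added example: audit the files the workaround steps should leave on one node.
# Usage: ./check_mitigation.sh <confluence-install> <7.15-7.18|7.0-7.14>
# Assumption: run as the Confluence service account so -r reflects its access.

check_mitigation() {
    install=$1; range=$2; rc=0
    lib="$install/confluence/WEB-INF/lib"
    cls="$install/confluence/WEB-INF/classes/com/atlassian/confluence/setup/webwork/CachedConfigurationProvider.class"

    case "$range" in
        7.15-7.18)
            stale="xwork-1.0.3-atlassian-8.jar"
            need="xwork-1.0.3-atlassian-10.jar" ;;
        7.0-7.14)
            stale="xwork-1.0.3.6.jar webwork-2.1.5-atlassian-3.jar"
            need="xwork-1.0.3-atlassian-10.jar webwork-2.1.5-atlassian-4.jar" ;;
        *)
            echo "usage: check_mitigation <install-dir> <7.15-7.18|7.0-7.14>" >&2
            return 2 ;;
    esac

    # Old JARs must be gone; the trailing glob also flags renamed copies
    # (for example a .bak file) left in the lib directory.
    for f in $stale; do
        for p in "$lib/$f"*; do
            if [ -e "$p" ]; then echo "FAIL: old JAR still present: $p"; rc=1; fi
        done
    done

    # Replacement JARs must exist and be readable.
    for f in $need; do
        if [ ! -r "$lib/$f" ]; then echo "FAIL: missing or unreadable: $lib/$f"; rc=1; fi
    done

    # Confluence 7.0.0 - 7.14.2 also needs the class file under setup/webwork.
    if [ "$range" = "7.0-7.14" ] && [ ! -r "$cls" ]; then
        echo "FAIL: missing or unreadable: $cls"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: workaround files in place under $install"; fi
    return "$rc"
}

# Run the check only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then check_mitigation "$1" "$2"; fi
```

The check does not compare ownership or inspect the contents of the JARs; on a cluster, run it on every node.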
Patched versions
7.4.17
7.13.7
7.14.3
7.15.2
7.16.4
7.17.4
7.18.1