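Apache Seata deserialization vulnerability arrives; mansion88明升 provides solutions
Published: 2024-09-23
Apache Seata is an open-source distributed transaction solution that aims to provide high-performance, easy-to-use distributed transaction services in microservice architectures.
In September 2024, mansion88明升 observed that the Apache Seata project had published CVE-2024-22399, an Apache Seata Hessian deserialization vulnerability. The vulnerability currently has a CVSS 3.1 score of 9.8 and an overall rating of "Critical".
Analysis has determined that both the RPC protocol Apache Seata uses for server-client communication (default port 8091) and the Raft protocol messages implemented since version 2.0.0 support Hessian for serializing and deserializing data. Before versions 2.1.0 and 1.8.1, Seata did not validate the serialized data in the RPC message body strictly enough when handling RPC requests. As a result, an attacker can construct a message body containing malicious Hessian-serialized data and send a malicious RPC request, which may ultimately lead to remote code execution. On successful exploitation, an attacker may gain full control of the affected system, including access to sensitive data, execution of arbitrary commands, or the launching of further network attacks. Affected users should take protective measures as soon as possible.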

Vulnerability Reproduction

Affected Versions
Apache Seata 2.0.0
Apache Seata 1.0.0 through 1.8.0
Solutions
I. Official Fix
Updated versions are available from the project; affected users are advised to upgrade to the latest version:
Apache Seata 2.1.0/1.8.1
Official download:
https://github.com/apache/incubator-seata/releases/tag/v2.1.0
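II. mansion88明升 Solutions
1. mansion88明升 endpoint product solution
The 天珣 integrated endpoint security product (EDR) provides a dedicated verification check for this vulnerability and validates endpoints that carry it across the whole network in sync. It also provides real-time alerting on abnormal parent-child processes and detection or defense capabilities that monitor abnormal outbound connections from hosts, to counter the risk of exploitation.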

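2. mansion88明升 detection product solution
The 天阗 Intrusion Detection and Management System (IDS), 天阗 Hyper-converged Detection Probe (CSP), 天阗 Threat Analysis Appliance (TAR) and 天清 Intrusion Prevention System (IPS) can effectively detect or protect against attacks exploiting this vulnerability once upgraded to the latest event library. Event library download: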
https://venustech.download.venuscloud.cn/
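3. mansion88明升 vulnerability scanning product solution
(1) The "mansion88明升 Vulnerability Scanning System V6.0" product already supports scanning for this vulnerability.

(2) The 608X series of the mansion88明升 Vulnerability Scanning System already supports scanning for this vulnerability.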

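4. mansion88明升 Asset and Vulnerability Management Platform (ASM) product solution
The mansion88明升 Asset and Vulnerability Management Platform collects and updates intelligence in real time and manages the Apache Seata deserialization vulnerability (CVE-2024-22399) for inventoried assets.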

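5. mansion88明升 Security Management and Situational Awareness Platform product solution
Users can configure correlation policies in the 泰合 Security Management and Situational Awareness Platform and continuously monitor system logs and security-device alerts from their own environment, in order to detect exploitation of the "Apache Seata deserialization vulnerability (CVE-2024-22399)".
(1) In the 泰合 platform, use the vulnerability discovery function to run a scan task for the "Apache Seata deserialization vulnerability (CVE-2024-22399)" and identify important assets in the managed network that are affected by it.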

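(2) In the platform's "Correlation Analysis" module, add the rule "L2_Apache Seata 反序列化漏洞" to detect external attack activity from the alert logs of mansion88明升 detection devices, target host systems and other devices.

The analysis rule automatically adds the source addresses of suspicious "L2_Apache Seata反序列化漏洞" exploitation activity to the watch list "高风险连接" (high-risk connections), where they are used as internal intelligence data.
(3) Add the rule "L3_Apache Seata反序列化漏洞" with these conditions: the log name equals or contains "L2_Apache Seata 反序列化漏洞", the attack result equals "攻击成功" (attack succeeded), and the destination address references an asset vulnerability or the source address matches threat intelligence. This raises the confidence of the correlation rule.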

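(4) ATT&CK attack chain analysis and SOAR response recommendations
Analysis of the exploitation process for CVE-2024-22399 shows that the attack chain spans multiple ATT&CK tactic and technique stages. The TTPs covered include:
TA0001 Initial Access: T1190 Exploit Public-Facing Application
TA0002 Execution: T1059 Command and Scripting Interpreter
TA0004 Privilege Escalation: T1068 Exploitation for Privilege Escalation
TA0009 Collection: T1005 Data from Local System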

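Using the SOAR capability built into the 泰合 Security Management and Situational Awareness Platform for automated or semi-automated orchestration and coordinated response, playbooks can be built for alert events related to exploitation of this vulnerability so that they are handled automatically.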
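The correlation logic of steps (2) and (3), written out as an added example in Python; it is not code from the platform or from the vendor. The event field names, the host-to-version asset inventory used as the "asset vulnerability" reference, the result value "攻击失败" and all addresses are constructed assumptions; the rule names, the watch list name, the "攻击成功" condition and the version ranges come from the text above.

```python
import re

L2_RULE = "L2_Apache Seata 反序列化漏洞"  # rule names as written on the page
L3_RULE = "L3_Apache Seata反序列化漏洞"
FIXED = {1: (1, 8, 1), 2: (2, 1, 0)}      # fixed releases named in the advisory

def seata_affected(version):
    """True for 1.0.0 through 1.8.0 and for 2.0.0, the affected versions listed."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return False  # unknown version: no asset-vulnerability evidence
    v = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(v[0])
    return fixed is not None and (1, 0, 0) <= v < fixed

def correlate(events, assets, threat_intel):
    """Apply steps (2) and (3): returns (L3 alerts, watch-list source addresses)."""
    watch_list, l3_alerts = set(), []
    for ev in events:
        if L2_RULE not in ev["log_name"]:      # "equals or contains"
            continue
        watch_list.add(ev["src"])              # step (2): watch list "高风险连接"
        asset_vuln = seata_affected(assets.get(ev["dst"]))
        intel_hit = ev["src"] in threat_intel
        if ev["result"] == "攻击成功" and (asset_vuln or intel_hit):
            l3_alerts.append({"rule": L3_RULE, "src": ev["src"], "dst": ev["dst"],
                              "asset_vuln": asset_vuln, "intel_hit": intel_hit})
    return l3_alerts, watch_list

# Constructed sample data (documentation address ranges, hypothetical field names).
ASSETS = {"192.0.2.5": "1.7.0", "192.0.2.6": "2.1.0"}   # host -> Seata version
THREAT_INTEL = {"198.51.100.7"}
EVENTS = [
    {"log_name": L2_RULE, "src": "203.0.113.10", "dst": "192.0.2.5", "result": "攻击成功"},
    {"log_name": L2_RULE, "src": "203.0.113.11", "dst": "192.0.2.6", "result": "攻击成功"},
    {"log_name": L2_RULE, "src": "198.51.100.7", "dst": "192.0.2.6", "result": "攻击成功"},
    {"log_name": L2_RULE, "src": "203.0.113.12", "dst": "192.0.2.5", "result": "攻击失败"},
    {"log_name": "SSH brute force", "src": "203.0.113.13", "dst": "192.0.2.5", "result": "攻击成功"},
]

if __name__ == "__main__":
    alerts, watch = correlate(EVENTS, ASSETS, THREAT_INTEL)
    for alert in alerts:
        print(alert)
    print(sorted(watch))
```

Every L2 source is watch-listed, but only the hit against the unpatched 1.7.0 host and the hit from a known-bad source are escalated to L3; the successful-looking hit on the patched 2.1.0 host from an unknown source stays at L2.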

