Apache Seata deserialization vulnerability strikes; mansion88明升 provides solutions

Published 2024-09-23

Apache Seata is an open-source distributed transaction solution that aims to provide high-performance, easy-to-use distributed transaction services for microservice architectures.


In September 2024, mansion88明升 observed that the Apache Seata project published CVE-2024-22399, an Apache Seata Hessian deserialization vulnerability. The vulnerability currently carries a CVSS 3.1 score of 9.8 and an overall rating of "Critical" (超危).


Research has established that both the RPC protocol Apache Seata uses for server/client communication (default port 8091) and the Raft protocol messages implemented since version 2.0.0 support Hessian for serializing and deserializing data. Before versions 2.1.0 and 1.8.1, Seata did not validate the serialized data in the RPC message body strictly enough when handling RPC requests. As a result, an attacker can craft a message body containing malicious Hessian serialized data and send it in an RPC request, which may ultimately lead to remote code execution. Successful exploitation could give an attacker full control of the affected system, including access to sensitive data, execution of arbitrary commands, or launching further attacks on the network. Affected users should take protective measures as soon as possible.




Vulnerability reproduction

[Screenshot: 图片2.jpg]


Affected versions


Apache Seata 2.0.0

Apache Seata 1.0.0 through 1.8.0


Solutions


I. Official fix


The project has released fixed versions; affected users are advised to upgrade to the latest version:

Apache Seata 2.1.0/1.8.1

Official download:

https://github.com/apache/incubator-seata/releases/tag/v2.1.0


II. mansion88明升 solutions


1. mansion88明升 endpoint products


天珣 Endpoint Security (EDR) provides a dedicated verification check for this vulnerability that validates affected endpoints across the whole network at once. It also provides real-time alerts on anomalous parent/child process relationships and monitors, detects or blocks anomalous outbound connections from hosts, reducing the risk of exploitation.




2. mansion88明升 detection products


天阗 Intrusion Detection and Management System (IDS), 天阗 Hyper-converged Detection Probe (CSP), 天阗 Threat Analysis Appliance (TAR) and 天清 Intrusion Prevention System (IPS) can effectively detect or block attacks exploiting this vulnerability once upgraded to the latest event (signature) library. Event library download:

https://venustech.download.venuscloud.cn/


3. mansion88明升 vulnerability scanning products


(1) The mansion88明升 Vulnerability Scanning System V6.0 now supports scanning for this vulnerability.




(2) The mansion88明升 Vulnerability Scanning System 608X series now supports scanning for this vulnerability.




4. mansion88明升 Asset and Vulnerability Management Platform (ASM)


The mansion88明升 Asset and Vulnerability Management Platform collects and updates intelligence in real time and manages the Apache Seata deserialization vulnerability (CVE-2024-22399) on inventoried assets.




5. mansion88明升 Security Management and Situational Awareness Platform


Users can configure correlation policies on the 泰合 Security Management and Situational Awareness Platform and continuously monitor system logs and security-device alerts from their environment to detect attempts to exploit the Apache Seata deserialization vulnerability (CVE-2024-22399).


(1) On the 泰合 platform, use the vulnerability discovery function to run a scan task for the Apache Seata deserialization vulnerability (CVE-2024-22399) and identify the important assets on the managed network that are affected.




(2) In the platform's "Correlation Analysis" module, add the rule "L2_Apache Seata 反序列化漏洞" (Apache Seata deserialization vulnerability) to detect external attack activity from the alert logs of mansion88明升 detection devices, target host systems and other devices.




An analysis rule then automatically adds the source addresses of suspicious exploitation activity matched by "L2_Apache Seata反序列化漏洞" to the "高风险连接" (high-risk connections) watch list, for use as internal threat intelligence.


(3) Add the rule "L3_Apache Seata反序列化漏洞" with the conditions: log name equals or contains "L2_Apache Seata 反序列化漏洞", attack result equals "攻击成功" (attack successful), and the destination address references an inventoried asset vulnerability or the source address matches threat intelligence. This raises the confidence of the correlation rule.
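The L2 -> watch list -> L3 escalation described in steps (2) and (3), as an added Python example that is not part of this advisory or of any mansion88明升 product; the alert field names, sample alerts, asset inventory and threat-intelligence entries are all constructed:

```python
# Added example: a minimal model of the advisory's correlation rules.
# Rule names are taken from the advisory; everything else is constructed.
L2_RULE = "L2_Apache Seata 反序列化漏洞"   # "equals or contains" match on log name
L3_RULE = "L3_Apache Seata反序列化漏洞"
WATCH_LIST_NAME = "高风险连接"               # high-risk connections watch list
SUCCESS = "攻击成功"                         # attack result: successful

# Constructed asset inventory (asset -> known CVEs) and threat-intel feed.
VULNERABLE_ASSETS = {"10.0.0.5": {"CVE-2024-22399"}}
THREAT_INTEL = {"203.0.113.7"}

# Constructed alert logs; in practice these come from IDS/IPS/EDR devices.
ALERTS = [
    {"log_name": "L2_Apache Seata 反序列化漏洞", "src": "198.51.100.9",
     "dst": "10.0.0.5", "result": SUCCESS},
    {"log_name": "L2_Apache Seata 反序列化漏洞", "src": "203.0.113.7",
     "dst": "10.0.0.99", "result": "攻击尝试"},
    {"log_name": "L2_Apache Seata 反序列化漏洞", "src": "203.0.113.7",
     "dst": "10.0.0.99", "result": SUCCESS},
    {"log_name": "Unrelated web attack", "src": "192.0.2.1",
     "dst": "10.0.0.5", "result": SUCCESS},
]


def correlate(alerts, vulnerable_assets, threat_intel):
    """Apply the L2 and L3 rules; return (watch list of sources, L3 events)."""
    watch_list = set()
    l3_events = []
    for a in alerts:
        # L2: every alert from the Seata deserialization rule is suspicious,
        # so its source address is recorded as internal intelligence.
        if L2_RULE not in a["log_name"]:
            continue
        watch_list.add(a["src"])
        # L3: the attack must be reported as successful, and either the
        # target is inventoried with CVE-2024-22399 or the source is known bad.
        dst_vulnerable = "CVE-2024-22399" in vulnerable_assets.get(a["dst"], set())
        src_known_bad = a["src"] in threat_intel
        if a["result"] == SUCCESS and (dst_vulnerable or src_known_bad):
            l3_events.append({**a, "rule": L3_RULE,
                              "reason": "asset_vuln" if dst_vulnerable else "threat_intel"})
    return watch_list, l3_events


if __name__ == "__main__":
    sources, escalated = correlate(ALERTS, VULNERABLE_ASSETS, THREAT_INTEL)
    print(WATCH_LIST_NAME, sorted(sources))
    for ev in escalated:
        print(ev["rule"], ev["src"], "->", ev["dst"], ev["reason"])
```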




(4) ATT&CK attack-chain analysis and SOAR response recommendations


Analysis of how CVE-2024-22399 is exploited shows that the attack chain spans several ATT&CK tactics and techniques; the TTPs covered include:


TA0001 Initial Access: T1190 Exploit Public-Facing Application

TA0002 Execution: T1059 Command and Scripting Interpreter

TA0004 Privilege Escalation: T1068 Exploitation for Privilege Escalation

TA0009 Collection: T1005 Data from Local System




Using the SOAR automated or semi-automated orchestration and coordinated response capability built into the 泰合 Security Management and Situational Awareness Platform, playbooks can be orchestrated for alert events related to exploitation of this vulnerability so that they are handled automatically.