IDPA:Apache Tomcat 預設安裝的安全性漏洞
Summary: 本文針對在 ACM 上偵測到的「Apache Tomcat 預設安裝及/或歡迎頁面安裝的安全性漏洞」提供因應措施。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
在連接埠 8543 的 IDPA ACM 部分可能會偵測到下列漏洞:
| 漏洞標題 | 元件 | 服務連接埠 | 漏洞嚴重性層級 | 漏洞說明 | 漏洞證明 | 漏洞解決方案 |
|---|---|---|---|---|---|---|
| 已安裝 Apache Tomcat 預設安裝或歡迎頁面 | ACM | 8543 | 5 | Tomcat 預設安裝或「歡迎」頁面已安裝在此伺服器上。這通常表示新安裝的伺服器尚未正確配置,並且可能未知。 通常,Tomcat 與其他應用程式一起安裝,使用者可能不知道 Web 伺服器正在運行。這些伺服器很少更新,也很少受到監控,為駭客提供了一個方便的目標,不太可能觸發任何警報。 |
正在執行 HTTPS 服務 * 產品 Tomcat 存在 -- Apache Tomcat 9.0.45。 HTTP GET 要求 https://<ACM IP>:8543/HTTP 回應代碼為預期 200。 <h1>Apache Tomcat/9.0.45</h1> 27: </div> 28: <div id="upper" class="curved container"> 29: <div id="congrats" class="curved container"> 30: ... this, you have successfully installed Tomcat. Congratulations!</h2> |
變更預設頁面,或停止並完全停用 Tomcat 伺服器。 如果需要此伺服器提供必要的功能,則應將預設頁面替換為相關內容。否則,應遵循最小複雜性的安全原則,從網路中刪除此伺服器。 |
請遵循這些步驟來解決此問題:
- 以 root身分登入 ACM
- 將工作目錄變更為
/usr/local/dataprotection/apache-tomcat-9.0.*/webapps/ROOT.
acm:~ # cd /usr/local/dataprotection/apache-tomcat-9.0.*/webapps/ROOT
在此範例中,Apache Tomcat 路徑為
/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT
這可能會根據正在開發的 IDPA 版本而有所變更。
- 確認
index.jsp檔案存在於目錄中:
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # ls -la total 188 drwxr-x--- 3 idpauser idpauser 4096 Nov 12 00:29 . drwxr-x--- 6 idpauser idpauser 4096 Dec 6 17:00 .. -rw-r----- 1 idpauser idpauser 12243 Feb 4 2022 1 -rw-r----- 1 idpauser idpauser 6898 Mar 30 2021 RELEASE-NOTES.txt drwxr-x--- 2 idpauser idpauser 4096 May 7 2021 WEB-INF -rw-r----- 1 idpauser idpauser 27235 Mar 30 2021 asf-logo-wide.svg -rw-r----- 1 idpauser idpauser 713 Mar 30 2021 bg-button.png -rw-r----- 1 idpauser idpauser 1918 Mar 30 2021 bg-middle.png -rw-r----- 1 idpauser idpauser 1401 Mar 30 2021 bg-nav.png -rw-r----- 1 idpauser idpauser 3103 Mar 30 2021 bg-upper.png -rw-r----- 1 idpauser idpauser 21630 Mar 30 2021 favicon.ico -rw-r----- 1 idpauser idpauser 12243 Feb 4 2022 index.jsp -rw-r----- 1 idpauser idpauser 5542 Mar 30 2021 tomcat.css -rw-r----- 1 idpauser idpauser 67795 Mar 30 2021 tomcat.svg acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT #
- 備份現有的
index.jsp透過將其複製到index.jsp.default:
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # cp -p index.jsp index.jsp.default
注意:作為參考,在實施因應措施之前,請執行下列命令
curl -kv https://localhost:8543。應在步驟 8 中使用此輸出來比較因應措施後的輸出。
- 建立 一個名為的新檔案
index.jsp並將其內容替換為以下內容:
<html>
<body>
<%
response.sendRedirect("../dataprotection/");
%>
</body>
</html>
以下是有關如何建立和編輯 index.jsp 檔案:
- 移除 現有的
index.jsp
rm index.jsp
- 建立 新的
index.jsp檔案。
vi index.jsp
- 同時按下鍵盤上的
i以進入插入模式。這允許對檔進行編輯。 - 複製 上面的文字並將其粘貼到 vi 編輯器中。
- 按下以退出插入模式
Esc - 儲存 變更,然後輸入 vi
:wq!然後按下 Enter 鍵。
- 確認內容
index.jsp使用下列命令的檔案:
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # ls -la
total 192
drwxr-x--- 3 idpauser idpauser 4096 Dec 6 17:05 .
drwxr-x--- 6 idpauser idpauser 4096 Dec 6 17:00 ..
-rw-r----- 1 idpauser idpauser 12243 Feb 4 2022 1
-rw-r----- 1 idpauser idpauser 6898 Mar 30 2021 RELEASE-NOTES.txt
drwxr-x--- 2 idpauser idpauser 4096 May 7 2021 WEB-INF
-rw-r----- 1 idpauser idpauser 27235 Mar 30 2021 asf-logo-wide.svg
-rw-r----- 1 idpauser idpauser 713 Mar 30 2021 bg-button.png
-rw-r----- 1 idpauser idpauser 1918 Mar 30 2021 bg-middle.png
-rw-r----- 1 idpauser idpauser 1401 Mar 30 2021 bg-nav.png
-rw-r----- 1 idpauser idpauser 3103 Mar 30 2021 bg-upper.png
-rw-r----- 1 idpauser idpauser 21630 Mar 30 2021 favicon.ico
-rw-r----- 1 idpauser idpauser 81 Feb 10 05:27 index.jsp
-rw-r----- 1 idpauser idpauser 12243 Feb 4 2022 index.jsp.default
-rw-r----- 1 idpauser idpauser 5542 Mar 30 2021 tomcat.css
-rw-r----- 1 idpauser idpauser 67795 Mar 30 2021 tomcat.svg
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # cat index.jsp
<html>
<body>
<%
response.sendRedirect("../dataprotection/");
%>
</body>
</html>
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT #
- 開啟 網頁瀏覽器 並存取 ACM 網頁,並檢查其是否正常運作。開啟 ACM 網頁時:
https://<ACM IP Adddress>:8543/
它應該會自動重定向:
https://<ACM IP Adddress>:8543/dataprotection/#/login
- 在 ACM 命令列中驗證變更:
在實施因應措施之前,
curl -kv https://localhost:8543 將類似於:
注意:可使用
curl -kv https://<ACM IP address>:8543 傳回相同的結果:
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # curl -kv https://localhost:8543 * Rebuilt URL to: https://localhost:8543/ * Trying 12x.0.0.1... * TCP_NODELAY set * Connected to localhost (12x.0.0.1) port 8543 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=US; ST=California; L=Irvine; O=EMC; OU=Avamar; CN=localhost.localdom * start date: Feb 4 12:27:16 2022 GMT * expire date: Feb 2 12:27:16 2032 GMT * issuer: C=US; ST=California; L=Irvine; O=EMC; OU=Avamar; CN=localhost.localdom * SSL certificate verify result: self signed certificate (18), continuing anyway. > GET / HTTP/1.1 > Host: localhost:8543 > User-Agent: curl/7.60.0 > Accept: */* > < HTTP/1.1 200 < Content-Type: text/html;charset=UTF-8 < Transfer-Encoding: chunked < Date: Fri, 10 Feb 2023 05:39:29 GMT < Connection: close < Server: DataDomain < <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <title>Apache Tomcat/9.0.45</title> <link href="favicon.ico" rel="icon" type="image/x-icon" /> <link href="tomcat.css" rel="stylesheet" type="text/css" /> <script>window.location = window.location.origin + "/dataprotection/"; </script></head> <body> <div id="wrapper"> <div id="navigation" class="curved container"> <span id="nav-home"><a href="https://tomcat.apache.org/">Home</a></span> <span id="nav-hosts"><a href="/docs/">Documentation</a></span> <span id="nav-config"><a href="/docs/config/">Configuration</a></span> <span id="nav-examples"><a href="/examples/">Examples</a></span> <span id="nav-wiki"><a href="https://wiki.apache.org/tomcat/FrontPage">Wiki</a></span> <span id="nav-lists"><a href="https://tomcat.apache.org/lists.html">Mailing Lists</a></span> <span id="nav-help"><a href="https://tomcat.apache.org/findhelp.html">Find Help</a></span> <br class="separator" /> </div> <div id="asf-box"> <h1>Apache Tomcat/9.0.45</h1> </div> <div id="upper" class="curved container"> <div id="congrats" class="curved container"> <h2>If you're seeing this, you've successfully installed Tomcat. Congratulations!</h2> </div> ... skipped </body> </html>
實作因應措施後,輸出結果應變為:
acm:/usr/local/dataprotection/apache-tomcat-9.0.45/webapps/ROOT # curl -kv https://localhost:8543 * Rebuilt URL to: https://localhost:8543/ * Trying 12x.0.0.1... * TCP_NODELAY set * Connected to localhost (12x.0.0.1) port 8543 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: C=US; ST=California; L=Irvine; O=EMC; OU=Avamar; CN=localhost.localdom * start date: Feb 4 12:27:16 2022 GMT * expire date: Feb 2 12:27:16 2032 GMT * issuer: C=US; ST=California; L=Irvine; O=EMC; OU=Avamar; CN=localhost.localdom * SSL certificate verify result: self signed certificate (18), continuing anyway. > GET / HTTP/1.1 > Host: localhost:8543 > User-Agent: curl/7.60.0 > Accept: */* > < HTTP/1.1 302 < Set-Cookie: JSESSIONID=3396A12A1A458BBB4DDCB636A72B66EE; Path=/; Secure; HttpOnly < Location: ../dataprotection/ < Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 0 < Date: Fri, 10 Feb 2023 05:42:58 GMT < Connection: close < Server: DataDomain < * Closing connection 0 * TLSv1.2 (OUT), TLS alert, Client hello (1):
Additional Information
如果按照上述程序操作後,ACM 網頁顯示「HTTP 狀態 500 - 內部伺服器錯誤」,例如:
使用 SSH,以根使用者身分登入 ACM,然後使用下列命令重新啟動 ACM 服務:
service dataprotection_webapp stop service dataprotection_webapp start
然後再次重新載入 ACM 網頁。
如有需要,請聯絡 Dell 支援 以取得進一步協助。
Affected Products
PowerProtect DP4400, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software
, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900
...
Article Properties
Article Number: 000206114
Article Type: How To
Last Modified: 25 Aug 2025
Version: 11
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.