最近公司一直对安全方面抓的较紧,今天需要升级fastjson的漏洞,明天升级组件中引用的jackson漏洞,还有跨域等,这里针对项目中的一个远端WWW服务支持TRACE请求的漏洞解决进行记录下:
1、首先应用部署到linux环境后,检查trace漏洞用如下命令:
curl -i -s -k -X $'TRACE' \ -H $'Host: 10.11.10.11:9801' -H $'Pragma: no-cache' -H $'Cache-Control: no-cache' -H $'DNT: 1' -H $'Upgrade-Insecure-Requests: 1' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36 Edg/84.0.522.59' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6' -H $'Connection: close' \ $'http://10.11.10.11:9801/'
如果返回200这表明存在该漏洞。