问题描述:
今日在工作中遇到服务器被扫描出一个漏洞,描述如下:
风险描述:远程 Web 服务器支持 TRACE 和/或 TRACK方法。TRACE和 TRACK 是用于调试 Web 服务器连接的 HTTP 方法。
风险影响:通过一个跨站追踪攻击窃职 cookies 和验证信任
使用框架
springboot + redis +mybatis
web服务使用springboot 内嵌web服务 undertow
配置如下:
<!-- SpringBoot Web容器 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<artifactId>spring-boot-starter-tomcat</artifactId>
<groupId>org.springframework.boot</groupId>
</exclusion>
</exclusions>
</dependency>
<!-- web 容器使用 undertow 性能更强 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
在网上找啊找啊,大多是tomcat的,终于找到一个
@Bean
public UndertowEmbeddedServletContainerFactory embeddedServletContainerFactory() {
UndertowEmbeddedServletContainerFactory factory = new UndertowEmbeddedServletContainerFactory();
factory.addBuilderCustomizers(new UndertowBuilderCustomizer() {
@Override
public void customize(Builder builder) {
builder.addHttpListener(8080, "0.0.0.0");
}
});
return factory;
}
很遗憾不能用,各种类找不到BUG,接续找,终于找到springboot 2.0之后类名字变更,所以修改如下:
package com.ruoyi.medicine.config;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.WebResourceCollection;
import org.springframework.boot.web.embedded.undertow.UndertowDeploymentInfoCustomizer;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
/**
* @author wang'hai'yang
* @Description:
* @date 2024/2/2110:46
*/
@Configuration
public class EmbeddedServletContainerCustomizerConfig {
@Bean
public WebServerFactoryCustomizer containerCustomizer() {
return new WebServerFactoryCustomizer() {
@Override
public void customize(WebServerFactory factory) {
if(factory.getClass().isAssignableFrom(UndertowServletWebServerFactory.class)){
UndertowServletWebServerFactory underTowContainer = (UndertowServletWebServerFactory) factory;
underTowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
}
}
};
}
private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
@Override
public void customize(DeploymentInfo deploymentInfo) {
SecurityConstraint constraint = new SecurityConstraint();
WebResourceCollection traceWebresource = new WebResourceCollection();
traceWebresource.addUrlPattern("/*");
traceWebresource.addHttpMethod(HttpMethod.TRACE.toString());
constraint.addWebResourceCollection(traceWebresource);
deploymentInfo.addSecurityConstraint(constraint);
}
}
}
测试方式及结果
如图所示,代表成功,否则 红框所示地方显示 HTTP/1.1 200 OK