Adobe ColdFusionÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-21087£©

Ðû²¼Ê±¼ä 2021-03-23

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2021-21087

ʱ   ¼ä

2021-03-23

Àà   ÐÍ

 RCE

µÈ   ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

ÊÇ

 

0x01 Îó²îÏêÇé

image.png

 

Adobe ColdFusionÊÇÃÀ¹úAdobe¹«Ë¾Ñз¢µÄÒ»¿î¶¯Ì¬WebЧÀÍÆ÷²úÆ·£¬£¬£¬£¬£¬£¬ £¬ÆäÔËÐеÄCFML£¨ColdFusion Markup Language£©ÊÇÒ»ÖÖÕë¶ÔWebÓ¦Óõľ籾ÓïÑÔ¡£¡£¡£¡£¡£¡£

2021Äê03ÔÂ22ÈÕ£¬£¬£¬£¬£¬£¬ £¬Adobe¹Ù·½Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬ £¬¹ûÕæÁËColdFusionÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-21087£©¡£¡£¡£¡£¡£¡£ÓÉÓÚδ׼ȷÑéÖ¤ÊäÈ룬£¬£¬£¬£¬£¬ £¬Î´ÊÚȨµÄ¹¥»÷Õß¿ÉÒÔͨ¹ý·¢ËͶñÒâÇëÇóÀ´Ô¶³ÌÖ´ÐÐí§Òâ´úÂ룬£¬£¬£¬£¬£¬ £¬ÏÖÔÚ¸ÃÎó²îÒѾ­·ºÆðÔÚҰʹÓÃÇéÐΣ¬£¬£¬£¬£¬£¬ £¬µ«Îó²îµÄϸ½ÚÉÐδ¹ûÕæ¡£¡£¡£¡£¡£¡£

 

Ó°Ïì¹æÄ£

Adobe ColdFusion 2016 <= Update 16

Adobe ColdFusion 2018 <= Update 10

Adobe ColdFusion 2021°æ±¾2021.0.0.323925

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ¹Ù·½ÒÑÐÞ¸´ÁË´ËÎó²î£¬£¬£¬£¬£¬£¬ £¬½¨Òéʵʱ¸üÐÂÖÁÒÔÏ°汾£º

Adobe ColdFusion 2016 Update 17

Adobe ColdFusion 2018 Update 11

Adobe ColdFusion 2021 Update 1

 

ÊÖ¶¯×°ÖøüÐÂ

1.ÏÂÔØÒÔÏÂjar°ü¡£¡£¡£¡£¡£¡£

Adobe ColdFusion 2016 Update 17

ÏÂÔØÁ´½Ó£º

https://cfdownload.adobe.com/pub/adobe/coldfusion/2016/updates/hotfix-017-325979.jar

Adobe ColdFusion 2018 Update 11

ÏÂÔØÁ´½Ó£º

https://cfdownload.adobe.com/pub/adobe/coldfusion/2018/updates/hotfix-011-326016.jar

Adobe ColdFusion 2021 Update 1

ÏÂÔØÁ´½Ó£º

https://cfdownload.adobe.com/pub/adobe/coldfusion/2021/updates/hotfix-001-325996.jar

 

2.ƾ֤ÏÂÔصIJ¹¶¡ÎļþÖ´ÐÐÒÔÏÂÏìÓ¦ÏÂÁ±ØÐè¾ßÓÐÆô¶¯»ò×èÖ¹ColdFusionЧÀÍÒÔ¼°¶ÔColdFusion¸ùĿ¼ÓÐÍêÈ«»á¼ûȨÏÞ¡£¡£¡£¡£¡£¡££©

Windows:

<cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-017-325979.jar

<cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-011-326016.jar

<cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-001-325996.jar

 

»ùÓÚLinuxµÄƽ̨:

<cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-017-325979.jar

<cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-011-326016.jar

<cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-001-325996.jar

3. È·±£ÓëColdFusionÀ¦°óÔÚÒ»ÆðµÄJREÓÃÓÚÖ´ÐÐÏÂÔصÄJAR¡£¡£¡£¡£¡£¡£¹ØÓÚ×ÔÁ¦µÄColdFusion£¬£¬£¬£¬£¬£¬ £¬Ëü±ØÐèλÓÚ<cf_root>/jre/bin¡£¡£¡£¡£¡£¡£

4.¸ü¶àÐÅÏ¢£¬£¬£¬£¬£¬£¬ £¬Çë²Î¿¼£º

https://helpx.adobe.com/coldfusion/configuring-administering/using-the-coldfusion-administrator.html#serverupdate

 

0x03 ²Î¿¼Á´½Ó

https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html#Solution

https://securityaffairs.co/wordpress/115864/security/adobe-coldfusion-flaw.html?

https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-17.html

 

0x04 ʱ¼äÏß

2021-03-22  AdobeÐû²¼Ç徲ͨ¸æ

2021-03-23  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png