9.2 Million Attacks in 22 Days: List of 106 Apache Log4j2 Components That Cybercriminals "Break on the First Try" Published!
2022-01-05 10:33:37  Author: www.4hou.com

Knownsec 404 Active Defense Lab continues to track which products are affected by the Log4j2 vulnerability. Monitoring by the Knownsec Security Brain (创宇安全智脑) has so far identified 106 components affected by the Log4j2 vulnerability. ScanV MAX now supports detection of the affected components listed below.

Table 1: List of affected components

No.  Component
1    Apache Camel
2    Apache Druid
3    Apache JSPWiki
4    Apache Kafka
5    Apache OFBiz
6    Apache Solr
7    Apache Struts2
8    Apereo CAS
9    AppDynamics
10   Appeon PowerBuilder
11   Atlassian Bitbucket Server & Data Center
12   Avaya Analytics
13   Avaya Aura for OneCloud Private
14   Avaya Aura® Application Enablement Services
15   Avaya Aura® Contact Center
16   Avaya Aura® Device Services
17   Avaya Aura® Media Server
18   Avaya Aura® Presence Services
19   Avaya Aura® Session Manager
20   Avaya Aura® System Manager
21   Avaya Aura® Web Gateway
22   Avaya Breeze™
23   Avaya Business Rules Engine
24   Avaya Callback Assist
25   Avaya Contact Center Select
26   Avaya Device Enablement Service
27   Avaya Equinox™ Conferencing
28   Avaya Interaction Center
29   Avaya IP Office™ Platform
30   Avaya Meetings
31   Avaya OneCloud Private - UCaaS - Mid Market Aura
32   Avaya OneCloud-Private
33   Avaya Proactive Outreach Manager
34   Avaya Session Border Controller for Enterprise
35   Avaya Social Media Hub
36   Avaya Workforce Engagement
37   Avaya Control Manager
38   Avaya Device Enrollment Service
39   Broadcom CA Advanced Authentication
40   Broadcom CA Risk Authentication
41   Broadcom CA Strong Authentication
42   Broadcom Symantec Endpoint Protection Manager (SEPM)
43   Cisco CloudCenter Suite Admin
44   Cisco Crosswork Change Automation
45   Cisco Evolved Programmable Network Manager
46   Cisco Integrated Management Controller (IMC) Supervisor
47   Cisco Umbrella
48   Cisco Unified Intelligent Contact Management Enterprise
49   Cisco Webex Cloud-Connected UC (CCUC)
50   Cisco Webex Meetings Server
51   Citrix Endpoint Management (Citrix XenMobile Server)
52   Dell EMC Avamar
53   Dell EMC OpenManage Enterprise Services
54   Dell Unisphere Central
55   Dell Wyse Management Suite
56   ElasticSearch
57   ExtraHop Reveal(x)
58   Fortinet FortiAIOps
59   Fortinet FortiCASB
60   Fortinet FortiConverter
61   Fortinet FortiEDR Cloud
62   Fortinet FortiNAC
63   Fortinet FortiPolicy
64   Fortinet FortiPortal
65   Fortinet FortiSIEM
66   Fortinet FortiSOAR
67   Fortinet ShieldX
68   GE Gas Power Asset Performance Management (APM)
69   GE Gas Power Control Server
70   GE Gas Power Tag Mapping Service
71   IBM BigFix Compliance
72   IBM BigFix Inventory
73   IBM Cognos Controller
74   IBM Planning Analytics Workspace
75   IBM VMware Solutions
76   MobileIron Core
77   Opencast
78   OpenFire
79   OpenNMS
80   Oracle Exadata
81   SolarWinds Database Performance Analyzer (DPA)
82   SolarWinds Server & Application Monitor (SAM)
83   SonicWall Email Security
84   Sophos Mobile EAS Proxy
85   Splunk Data Stream Processor
86   Splunk Enterprise (including instance types like Heavy Forwarders)
87   Spring Cloud Services for VMware Tanzu
88   Tableau Server
89   UniFi-Network
90   VMware API Portal for VMware Tanzu
91   VMware HCX
92   VMware Horizon
93   VMware Horizon DaaS
94   VMware Identity Manager
95   VMware NSX-T Data Center
96   VMware Site Recovery Manager
97   VMware Tanzu Observability by Wavefront Nozzle
98   VMware vCenter Server
99   VMware vRealize Automation
100  VMware vRealize Lifecycle Manager
101  VMware vRealize Log Insight
102  VMware vRealize Operations Manager
103  VMware vRealize Orchestrator
104  VMware Workspace ONE Access
105  vRealize Operations - Tenant App for vCloud Director
106  Seeyon OA (致远OA)

Top 10 affected components

According to the ZoomEye global asset survey, the component with the largest number of exposed instances is UniFi-Network. The top 10 affected components detected worldwide by ZoomEye, with the search query used for each, are:

Table 2: Top 10 affected components

No.  Component                                                            ZoomEye query                              Count
1    UniFi-Network                                                        title:"UniFi Network"                      219011
2    ElasticSearch                                                        app:"Elasticsearch REST API"               178560
3    VMware Horizon                                                       app:"VMware Horizon"                       104766
4    OpenFire                                                             app:"Openfire"                             82640
5    Seeyon OA (致远OA)                                                   app:"用友 致远OA"                          63766
6    Splunk Enterprise (including instance types like Heavy Forwarders)   app:"Splunk Enterprise"                    55055
7    Apache Solr                                                          app:"Apache Solr"                          38664
8    Citrix Endpoint Management (Citrix XenMobile Server)                 app:"Citrix XenMobile Server"              33204
9    Spring Cloud Services for VMware Tanzu                               title:"VMware Cloud Services"              7142
10   MobileIron Core                                                      title:"MobileIron User Portal: Sign In"    6447

Top attacked components

Based on the attack samples captured by the Knownsec Security Brain, between 2021-12-09 and 14:00 on 2021-12-31 Knownsec Cloud Defense blocked 9,202,715 Log4j2 exploitation attempts and captured more than 20 distinct attack samples. ElasticSearch was the most heavily attacked component.

Table 3: Top attacked components

No.  Component                                         Attacks blocked
1    ElasticSearch                                     608972
2    Apache Kafka                                      530075
3    UniFi-Network                                     485902
4    Apache Struts2                                    460135
5    Apache Druid                                      423324
6    VMware Horizon                                    331297
7    IBM Planning Analytics Workspace                  320253
8    VMware NSX-T Data Center                          276081
9    Apache Solr                                       265037
10   SolarWinds Server & Application Monitor (SAM)     239271

Knownsec 404 Active Defense Lab advises users of components that depend on Log4j2 to upgrade to the latest version promptly to avoid being attacked through this vulnerability.
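Before upgrading, a practitioner first needs to know which log4j-core builds are actually deployed, including copies bundled inside WAR/EAR files (the products in Table 1 ship Log4j2 this way), and whether a vendor hotfix has already removed the JNDI lookup class. The Python script below is an added example written for this article; it is not Knownsec's ScanV MAX or any code from the original post. It assumes version floors of 2.17.1 (the newest Log4j 2.x release on the article's date), 2.12.4 for the Java 7 branch and 2.3.2 for the Java 6 branch, and the sample JAR/WAR archives it builds are constructed stand-ins containing only a manifest, Maven pom.properties and dummy class entries.

```python
import io
import re
import zipfile
from pathlib import Path

# Release floors assumed for this example: 2.17.1 was the newest Log4j 2.x release
# on the article's date (2022-01-05); 2.12.4 and 2.3.2 are the fixed releases of
# the Java 7 and Java 6 branches. Raise them as new releases ship.
FIXED_BY_BRANCH = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}
FIXED_DEFAULT = (2, 17, 1)

CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_LOOKUP = CORE_PREFIX + "lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MANIFEST_VERSION = re.compile(r"^Implementation-Version:\s*(\S+)", re.M)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); non-numeric suffixes such as '-beta9' are dropped."""
    parts = []
    for piece in text.split(".")[:3]:
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts + [0] * (3 - len(parts)))


def assess_log4j_core(zf, origin):
    """Return a finding dict if this open ZipFile is a log4j-core build, else None."""
    names = set(zf.namelist())
    if not any(n.startswith(CORE_PREFIX) for n in names):
        return None
    version = None
    if POM_PROPS in names:  # Maven metadata is the most reliable version source
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = parse_version(line.split("=", 1)[1].strip())
    if version is None and "META-INF/MANIFEST.MF" in names:
        m = MANIFEST_VERSION.search(zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"))
        if m:
            version = parse_version(m.group(1))
    jndi_present = JNDI_LOOKUP in names
    if version is None:
        status = "unknown-version"
    elif version >= FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT):
        status = "fixed"
    elif not jndi_present:
        status = "mitigated-jndilookup-removed"  # class deleted: JNDI lookup vector closed
    else:
        status = "vulnerable"
    return {"origin": origin, "version": version,
            "jndi_lookup_present": jndi_present, "status": status}


def scan_archive(data, origin, depth=0):
    """Scan archive bytes, recursing into nested JARs (WEB-INF/lib, EAR modules)."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container: nothing to inspect
    with zf:
        finding = assess_log4j_core(zf, origin)
        if finding:
            findings.append(finding)
        if depth < 4:  # guard against pathological nesting
            for name in zf.namelist():
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    findings.extend(scan_archive(zf.read(name), f"{origin}!{name}", depth + 1))
    return findings


def scan_directory(root):
    """Inventory every archive under root (e.g. an application server's deploy dir)."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings


def build_sample_core_jar(version, with_jndi_lookup=True):
    """Constructed stand-in for log4j-core-<version>.jar (demo only, not the real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        zf.writestr(POM_PROPS, f"version={version}\n")
        zf.writestr(CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def demo():
    """Constructed app.war bundling three log4j-core builds; returns the findings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", build_sample_core_jar("2.14.1"))
        war.writestr("WEB-INF/lib/log4j-core-2.12.1.jar", build_sample_core_jar("2.12.1", with_jndi_lookup=False))
        war.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", build_sample_core_jar("2.17.1"))
    return scan_archive(buf.getvalue(), "app.war")


if __name__ == "__main__":
    for f in demo():
        print(f"{f['status']:<30} {f['origin']}")
```

Run it against a real host with `scan_directory("/opt/app")` (or whatever the product's install root is) rather than `demo()`. Version is taken from the Maven pom.properties first because vendors that repackage Log4j2 sometimes rewrite the manifest; a build reported as `unknown-version` still deserves a manual look, and `mitigated-jndilookup-removed` only closes the JNDI lookup path, so the upgrade the article recommends remains the proper fix.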

If reposting, please cite the original URL.


Source: https://www.4hou.com/posts/oXkL