Apache APIs IX has the risk of rewriting the x-real-ip header (cve-2022-24112)
2022-06-26 16:45:00 【Apache APISIX China Community】
Problem description
In Apache APISIX versions before 2.12.1 (excluding 2.12.1 and 2.10.4), enabling the Apache APISIX batch-requests plugin carries the risk that the X-REAL-IP header can be rewritten.
This risk leads to two problems:
- Bypassing Apache APISIX data-plane IP restrictions through the batch-requests plugin, for example bypassing IP blacklist and whitelist restrictions.
- If the user runs Apache APISIX with the default configuration (Admin API enabled, default Admin Key in use, and no separate admin port assigned), an attacker can call the Admin API through the batch-requests plugin.
Affected versions
- All Apache APISIX versions from 1.3 up to 2.12.1 (excluding 2.12.1)
- All Apache APISIX 2.10.0 LTS versions up to 2.10.4 (excluding 2.10.4)
Solution
- The problem has been fixed in versions 2.12.1 and 2.10.4; please upgrade to the relevant version as soon as possible.
- In affected Apache APISIX versions, the risk can be avoided by explicitly commenting out batch-requests in the conf/config.yaml and conf/config-default.yaml files and restarting Apache APISIX.
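The following audit script is an added example written for this advisory; it is not code from the Apache APISIX project. It encodes the affected version ranges stated above and checks a parsed 2.x configuration for the three conditions the advisory names: batch-requests enabled, Admin API enabled without a separate admin port, and the default Admin Key still in place. The configuration key names (apisix.enable_admin, apisix.port_admin, apisix.admin_key, and the top-level plugins list) are assumed to follow the 2.x conf/config-default.yaml layout, and the sample configuration is constructed for illustration. The disable_batch_requests helper applies the mitigation described in the Solution section (removing the plugin from the enabled list is equivalent to commenting it out in both files).

```python
"""Audit an Apache APISIX 2.x configuration for the conditions under which
CVE-2022-24112 (batch-requests X-REAL-IP rewrite) is exploitable.

Added example, not APISIX project code. Key names assume the 2.x
conf/config-default.yaml layout (apisix.enable_admin, apisix.port_admin,
apisix.admin_key, top-level ``plugins`` list); adjust for other layouts.
"""
import copy

# Default Admin Key shipped in the 2.x conf/config-default.yaml.
DEFAULT_ADMIN_KEY = "edd1c9f034335f136f87ad84b625c8f1"


def parse_version(version: str) -> tuple:
    """'2.10.3' -> (2, 10, 3); a leading 'v' is tolerated."""
    return tuple(int(p) for p in version.strip().lstrip("v").split("."))


def is_affected(version: str) -> bool:
    """Affected ranges from the advisory: 1.3 <= v < 2.12.1, except the
    2.10 LTS line where 2.10.4 and later are fixed."""
    v = parse_version(version)
    if v < (1, 3):
        return False
    if v >= (2, 12, 1):
        return False
    if (2, 10, 4) <= v < (2, 11):
        return False
    return True


def audit(config: dict, version: str) -> list:
    """Return a list of findings (empty when nothing is reportable)."""
    findings = []
    if not is_affected(version):
        return findings  # patched build: the rewrite is no longer possible
    apisix = config.get("apisix") or {}
    plugins = config.get("plugins") or []
    if "batch-requests" not in plugins:
        return findings  # plugin disabled: mitigation already applied
    findings.append(
        "batch-requests enabled on affected version %s: X-REAL-IP rewrite "
        "can bypass data-plane IP restrictions" % version)
    if apisix.get("enable_admin", False):
        if apisix.get("port_admin") is None:
            findings.append(
                "Admin API enabled without a separate port_admin: reachable "
                "through batch-requests on the data-plane listener")
        for entry in apisix.get("admin_key") or []:
            if entry.get("key") == DEFAULT_ADMIN_KEY:
                findings.append(
                    "admin_key '%s' still uses the default key" % entry.get("name"))
    return findings


def disable_batch_requests(config: dict) -> dict:
    """Mitigation from the advisory: drop batch-requests from the plugin list.
    Returns a new dict; the input is left untouched."""
    hardened = copy.deepcopy(config)
    hardened["plugins"] = [p for p in (hardened.get("plugins") or [])
                           if p != "batch-requests"]
    return hardened


def load_config(path: str) -> dict:
    """Load a real conf/config.yaml (needs PyYAML; not used by the sample run)."""
    import yaml
    with open(path) as fh:
        return yaml.safe_load(fh) or {}


# Constructed sample mirroring an out-of-the-box 2.x install (not a real deployment).
SAMPLE_DEFAULT_CONFIG = {
    "apisix": {
        "node_listen": 9080,
        "enable_admin": True,
        "admin_key": [{"name": "admin", "key": DEFAULT_ADMIN_KEY, "role": "admin"}],
    },
    "plugins": ["ip-restriction", "batch-requests", "limit-count"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEFAULT_CONFIG, "2.12.0"):
        print("FINDING:", finding)
    hardened = disable_batch_requests(SAMPLE_DEFAULT_CONFIG)
    print("after mitigation:", audit(hardened, "2.12.0"))
```

Run against a real deployment with `audit(load_config("conf/config.yaml"), "<version>")`; note that when conf/config.yaml defines its own `plugins` list it replaces the default list, which is why the advisory asks for the plugin to be commented out in both files.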
Vulnerability Details
Vulnerability priority: high
Vulnerability disclosure time: 11 February 2022
CVE details: https://nvd.nist.gov/vuln/detail/CVE-2022-24112
Contributor profile
The vulnerability was discovered by Chaitin Tech at Real World CTF and reported to the Apache Software Foundation by Sauercloud. Thanks for their contribution to the Apache APISIX community.