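Low severity: Apache Ant information disclosure vulnerability

CVE ID

CVE-2020-1945

Exploitation status

None at present

Patch status

Official patch

Disclosure date

2020-05-15
Vulnerability description
Apache Ant is an automation tool for Java software development from the Apache Software Foundation (USA). It is mainly used for compiling, testing and deploying software.
A security vulnerability exists in Apache Ant versions 1.1 through 1.9.14 and versions 1.10.0 through 1.10.7. An attacker can exploit this vulnerability to leak sensitive information.

Remediation
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at:
https://ant.apache.org/security.html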
Affected software
# | Type | Vendor | Product | Version | Affected range
1 | Runs in the following environments:
Application | apache | ant | * | from (including) 1.1, up to (including) 1.9.14
Application | apache | ant | * | from (including) 1.10.0, up to (including) 1.10.7
System | alpine_3.11 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.12 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.13 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.14 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.15 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.16 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.17 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.18 | apache-ant | * | up to (excluding) 1.10.8-r0
System | alpine_3.19 | apache-ant | * | up to (excluding) 1.10.8-r0
System | debian_11 | ant | * | up to (excluding) 1.10.8-1
System | debian_12 | ant | * | up to (excluding) 1.10.8-1
System | fedora_31 | | * | up to (excluding) 1.10.8-1.fc31
System | fedora_32 | | * | up to (excluding) 1.10.8-1.fc32
System | opensuse_Leap_15.2 | ant | * | up to (excluding) 1.10.7-lp152.2.3.1
System | suse_12_SP5 | ant | * | up to (excluding) 1.9.4-3.12.1
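Alibaba Cloud score
2.3
  • Attack vector
    Local
  • Attack complexity
    High
  • Privileges required
    Normal user privileges
  • Scope of impact
    Limited impact
  • Exploit maturity
    Unverified
  • Patch status
    Official patch
  • Data confidentiality
    No impact
  • Data integrity
    No impact
  • Server impact
    No impact
  • Internet-wide count
    100
CWE-ID Vulnerability type
CWE-200 Information exposure
CWE-668 Exposure of resource to wrong sphere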