Apache Ant 信息泄露漏洞

CNNVD-ID编号	CNNVD-202005-777
CVE编号	CVE-2020-1945
发布时间	2020-05-14
更新时间	2021-01-20
漏洞类型	信息泄露
漏洞来源	N/A
危险等级	中危
威胁类型	本地
厂商	N/A

漏洞介绍

Apache Ant是美国阿帕奇软件（Apache）基金会的一套用于Java软件开发的自动化工具。该工具主要用于软件的编译、测试和部署等。

Apache Ant 1.1版本至1.9.14版本和1.10.0版本至1.10.7版本中存在信息泄露漏洞。攻击者可利用该漏洞泄漏敏感信息。

漏洞补丁

目前厂商已发布升级了Apache Ant 信息泄露漏洞的补丁，Apache Ant 信息泄露漏洞的补丁获取链接：

https://ant.apache.org/security.html

参考网址

来源:MLIST

链接：https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E
来源:UBUNTU

链接：https://usn.ubuntu.com/4380-1/
来源:MLIST

链接：https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E
来源:MISC

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:MLIST

链接：https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E
来源:MISC

链接：https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
来源:MLIST

链接：https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E
来源:GENTOO

链接：https://security.gentoo.org/glsa/202007-34
来源:MLIST

链接：https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：http://www.openwall.com/lists/oss-security/2020/09/30/6
来源:MLIST

链接：https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html
来源:MLIST

链接：https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
来源:MLIST

链接：https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：http://www.openwall.com/lists/oss-security/2020/12/06/1
来源:MLIST

链接：https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpujan2021.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1680/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2472/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157902/Ubuntu-Security-Notice-USN-4380-1.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159921/Red-Hat-Security-Advisory-2020-4960-01.html
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-1945
来源:www.oracle.com

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2139/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1915/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Apache-Ant-file-corruption-32379
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-platform-symphony-and-ibm-spectrum-symphony/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158150/Red-Hat-Security-Advisory-2020-2618-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158600/Gentoo-Linux-Security-Advisory-202007-34.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3485/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202005-777