Akamai Technologies¤Ï¤³¤Î¤Û¤É¡¢¡Ö2024: Old CVEs, New Targets - Active Exploitation of ThinkPHP¡ÃAkamai¡×¤Ë¤ª¤¤¤Æ¡¢ThinkPHP¤Î¸Å¤¤ÀȼåÀ­¤ò°­ÍѤ¹¤ë¥µ¥¤¥Ð¡¼¹¶·â¤Î¥­¥ã¥ó¥Ú¡¼¥ó¤òȯ¸«¤·¤¿¤ÈÊ󤸤¿¡£¤³¤Î¥­¥ã¥ó¥Ú¡¼¥ó¤Ç¤ÏThinkPHP¤òÍøÍѤ·¤Æ¤¤¤ëWeb¥µ¥¤¥È¤ËÂФ·¥Ð¥Ã¥¯¥É¥¢¡ÖDama Web¥·¥§¥ë¡×¤òŸ³«¤¹¤ë¤È¤¤¤¦¡£

2024: Old CVEs, New Targets - Active Exploitation of ThinkPHP¡ÃAkamai

¡û¡ÖThinkPHP¡×¤È¤Ï

º£²ó¹¶·â¤ÎÂоݤȤʤä¿¡ÖThinkPHP¡×¤Ï¡¢Ãæ¹ñ¤Î¥ª¡¼¥×¥ó¥½¡¼¥¹PHP¥Õ¥ì¡¼¥à¥ï¡¼¥¯¡£¥â¥Ç¥ë¥Ó¥å¡¼¥³¥ó¥È¥í¡¼¥é¡¼(MVC: Model View Controller)¥¢¡¼¥­¥Æ¥¯¥Á¥ã¤Ë¤è¤ëWeb¥¢¥×¥ê¥±¡¼¥·¥ç¥ó³«È¯¤ò»Ù±ç¤¹¤ë¡£

¡û¿¯³²·ÐÏ©

Akamai Technologies¤Ë¤è¤ë¤È¡¢º£²ó¤Î¥­¥ã¥ó¥Ú¡¼¥ó¤Ç¤Ï¡¢¼¡¤Î2·ï¤ÎÀȼåÀ­¤¬°­ÍѤµ¤ì¤¿¤È¤¤¤¦¡£

CVE-2018-20062 - ThinkPHP¤ÎApp.php¤ËǤ°Õ¤ÎPHP¥³¡¼¥É¼Â¹Ô¤ÎÀȼåÀ­

CVE-2019-9082 - ThinkPHP¤Ë¥ê¥â¡¼¥È¥³¡¼¥É¼Â¹Ô(RCE: Remote Code Execution)¤ÎÀȼåÀ­

¹¶·â¼Ô¤Ï¤³¤ì¤éÀȼåÀ­¤òÍøÍѤ·¡¢¸Å¤¤ThinkPHP¤¬Æ°ºî¤·¤Æ¤¤¤ëWeb¥µ¥¤¥È¤ò¿¯³²¤·¡¢¥Ð¥Ã¥¯¥É¥¢¤òÀßÃÖ¤¹¤ë¡£¤³¤Î¥­¥ã¥ó¥Ú¡¼¥ó¤Ï2023ǯ10·îº¢¤«¤éÆÃÄê¤Î¸ÜµÒ¡¢ÁÈ¿¥¤òɸŪ¤Ë³«»Ï¤µ¤ì¡¢ºÇ¶á¤Ë¤Ê¤ê³èÆ°ÈϰϤ¬³ÈÂ礷¤¿¤È¤µ¤ì¤ë¡£

¡û±Æ¶Á¤ÈÂкö

Akamai Technologies¤ÎÄ´ºº¤Ë¤è¤ë¤È¡¢¤³¤Î¹¶·â¤Î¿¤¯¤Ï¹á¹Á¤Î¥¯¥é¥¦¥É¥×¥í¥Ð¥¤¥À¡¼¤Î´ÉÍý²¼¤Ë¤¢¤ëÊ£¿ô¤Î¥µ¡¼¥Ð¤«¤é¼Â¹Ô¤µ¤ì¤¿¤È¤¤¤¦¡£¤·¤«¤·¤Ê¤¬¤é¡¢¤³¤ì¤é¥µ¡¼¥Ð¤Ë¤âƱ¤¸¥Ð¥Ã¥¯¥É¥¢¤¬ÀßÃÖ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤«¤é¡¢¹¶·â¼Ô¤Ï¤³¤ì¤é¥µ¡¼¥Ð¡¼¤òƧ¤ßÂæ¤Ë¤·¤Æ¹¶·â¤ò³ÈÂ礷¤¿¤â¤Î¤È¤ß¤é¤ì¤Æ¤¤¤ë¡£

¤Ê¤ª¡¢ÀßÃÖ¤µ¤ì¤ëDama Web¥·¥§¥ë¤Ë¤Ï¾ðÊóÀà¼è¡¢¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ÎÁàºî¡¢¥Ç¡¼¥¿¥Ù¡¼¥¹¤ÎÀà¼è¡¢¥·¥§¥ë¥³¥Þ¥ó¥É¤Î¼Â¹Ô¡¢Windows¥¿¥¹¥¯¥¹¥±¥¸¥å¡¼¥é¡¼¤ÎÁàºî¤ò²ð¤·¤¿Æø¢¥æ¡¼¥¶¡¼¤ÎÄɲõ¡Ç½¤Ê¤É¤¬¤¢¤ë¤È¤µ¤ì¤ë¡£

Dama Web¥·¥§¥ë¤ÎÁàºî²èÌÌ¡¡°úÍÑ¡§Akamai Technologies

Akamai Technologies¤Ï¤³¤Î¹¶·â¤ò²óÈò¤¹¤ë¤¿¤á¡¢ThinkPHP¤òºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Î8.0°Ê¹ß¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£¤·¤«¤·¤Ê¤¬¤é¡¢ThinkPHP¤òÁȤ߹þ¤ó¤Ç¤¤¤ë¤¹¤Ù¤Æ¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤òºÇ¿·ÈǤ˥¢¥Ã¥×¥Ç¡¼¥È¤Ç¤­¤ë¤È¤Ï¸Â¤é¤Ê¤¤¡£¤½¤¦¤·¤¿¾ì¹ç¤Ï¡¢Akamai Technologies¤Î¡ÖAdaptive Security Engine¡×¤òÈ÷¤¨¤¿¡ÖApp & API Protector¡×¤ÎƳÆþ¤ò¿ä¾©¤·¤Æ¤¤¤ë¡£