exposed-zookeeper: Apache ZooKeeper - Unauthenticated Access

Date: 2025-08-01 | Affected software: Apache ZooKeeper | PoC: public

Vulnerability description

Apache ZooKeeper could be accessed without any authentication.

PoC code [public]

id: exposed-zookeeper

info:
  name: Apache ZooKeeper - Unauthenticated Access
  author: pdteam
  severity: high
  description: Apache ZooKeeper was able to be accessed without any required authentication.
  reference:
    - https://zookeeper.apache.org/security.html
  metadata:
    max-request: 1
  tags: network,zookeeper,unauth,exposure,tcp,discovery

tcp:
  - inputs:
      - data: "envi\r\nquit\r\n"

    host:
      - "{{Hostname}}"
    port: 2181
    read-size: 2048

    matchers:
      - type: word
        words:
          - "zookeeper.version"
# digest: 4a0a004730450221009c44b5f530cfc18cbf470145be3ccd938c24546154a445810c7765f8877107630220673bdcd121e86cc1797ecf4146a71979452bba610e48c0760fe5b73dee78c406:922c64590222798bb761d5b6d8e72950
