Apache Tomcat DefaultServlet文件泄露漏洞-一一网

漏洞信息详情

Apache Tomcat DefaultServlet文件泄露漏洞

CNNVD编号：CNNVD-200210-257

危害等级：中危
CVE编号：
CVE-2002-1148
漏洞类型：

其他
发布时间：

2002-10-11
威胁类型：

远程
更新时间：

2019-04-03
厂商：

apache
漏洞来源：
Discovered by Ross…

漏洞简介

Tomcat 4.0.4版本和4.1.10版本以及之前版本中的默认控制器(org.apache.catalina.servlets.DefaultServlet)存在漏洞，远程攻击者可以借助到控制器的直接请求读取服务器文件的源代码。

漏洞公告

Fixed versions of Tomcat are available. Please see the references for details.

Sun Solaris 9

Sun 113146-11

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-113146-11-1“>

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21

-113146-11-1

Sun 114016-02

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114016-02-1“>

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21

-114016-02-1

Sun Solaris 9_x86

Sun 114017-02

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114017-02-1“>

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21

-114017-02-1

Sun 114145-10

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114145-10-1“>

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21

-114145-10-1

Apache Software Foundation Tomcat 3.0

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.1

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.1.1

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.2

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.2.1

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.2.2 beta2

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.2.3

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.2.4

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.3

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 3.3.1

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 4.0

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 4.0.1

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 4.0.2

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 4.0.3

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Debian libtomcat4-java_4.0.3-3woody1_all.deb

http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody1_all.deb“>

http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-j

ava_4.0.3-3woody1_all.deb

Debian tomcat4-webapps_4.0.3-3woody1_all.deb

http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody1_all.deb“>

http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-weba

pps_4.0.3-3woody1_all.deb

Debian tomcat4_4.0.3-3woody1_all.deb

http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody1_all.deb“>

http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.

3-3woody1_all.deb

Apache Software Foundation Tomcat 4.0.4

Apache Software Foundation Jakarta Tomcat 4.0.5

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/

Apache Software Foundation Tomcat 4.1

Apache Software Foundation Jakarta Tomcat 4.1.12

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/

Apache Software Foundation Tomcat 4.1.10

Apache Software Foundation Jakarta Tomcat 4.1.12

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/

Apache Software Foundation Tomcat 4.1.3 beta

Apache Software Foundation Jakarta Tomcat 4.1.12

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/

Apache Software Foundation Tomcat 4.1.9 beta

Apache Software Foundation Jakarta Tomcat 4.1.12

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/“>

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/

参考网址

来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-1148※http://www.securityfocus.com/bid/5786

链接:无

来源:MLIST

链接:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2002-217.html

来源:DEBIAN

链接:http://www.debian.org/security/2002/dsa-170

来源:XF

链接:http://www.iss.net/security_center/static/10175.php

来源:REDHAT

链接:http://www.redhat.com/support/errata/RHSA-2002-218.html

来源:BID

链接:http://www.securityfocus.com/bid/5786

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=103288242014253&w=2

来源:HP

链接:http://online.securityfocus.com/advisories/4758

更多>>

文章版权归作者所有，未经允许请勿转载。

THE END

信息安全

多个供应商ftpd setproctitle()格式字符串漏洞

OwnCloud 跨站脚本漏洞

Android修炼系列（十三），分享几个有趣的自定义view小栗子

Rust 编程心得分享（一）

重流、重绘

PhpHostBot敏感信息泄露漏洞

Apache Tomcat DefaultServlet文件泄露漏洞

漏洞信息详情

Apache Tomcat DefaultServlet文件泄露漏洞

漏洞简介

漏洞公告

参考网址

受影响实体