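Vulnerability Details
Apache Tomcat Invoker Servlet File Disclosure Vulnerability
- CNNVD ID: CNNVD-200301-017
- Severity: High
- CVE ID: CVE-2002-1394
- Vulnerability type: Other
- Published: 2003-01-17
- Threat type: Remote
- Updated: 2019-04-03
- Vendor: apache
- Vulnerability source: Tomcat development…
Vulnerability Summary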
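Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (USA). It is mainly used for developing and debugging JSP programs and is suited to small and medium-sized systems. It runs on Unix, Linux and Windows. Apache Tomcat does not correctly handle malicious servlet requests submitted by users, and a remote attacker can exploit this vulnerability to obtain JSP source code or information about other protected resources. The vulnerability lets an attacker submit a maliciously crafted URL that causes Apache Tomcat to return unprocessed JSP page code; in certain special cases, information from security-protected pages can be obtained without authorization.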
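Vulnerability Advisory
Workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
* Temporarily mitigate this vulnerability by deleting the following lines from the Tomcat configuration file $CATALINA_HOME/conf/web.xml:
Vendor patches: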
Debian
——
http://www.debian.org/security/2003/dsa-225
Apache
——
The vendor has released an upgrade patch to fix this security issue. Download it from the vendor's home page:
Apache Software Foundation Tomcat 4.0:
Apache Software Foundation Hotfix 13365.zip
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/bin/hotfix/13365.zip
Apache Software Foundation Tomcat 4.0.1:
Apache Software Foundation Hotfix 13365.zip
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/bin/hotfix/13365.zip
Apache Software Foundation Tomcat 4.0.2:
Apache Software Foundation Hotfix 13365.zip
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/bin/hotfix/13365.zip
Apache Software Foundation Tomcat 4.0.3:
Apache Software Foundation Hotfix 13365.zip
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/bin/hotfix/13365.zip
Apache Software Foundation Tomcat 4.1:
Apache Software Foundation Upgrade Jakarta Tomcat 4.1.12
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/
Apache Software Foundation Tomcat 4.1.3 beta:
Apache Software Foundation Upgrade Jakarta Tomcat 4.1.12
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/
Apache Software Foundation Tomcat 4.1.9 beta:
Apache Software Foundation Upgrade Jakarta Tomcat 4.1.12
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/
Apache Software Foundation Tomcat 4.1.10:
Apache Software Foundation Upgrade Jakarta Tomcat 4.1.12
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/
References
Source: MLIST
Source: MLIST
Source: CONFIRM
Link: http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2003-082.html
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2003-075.html
Source: GENTOO
Link: http://marc.info/?l=bugtraq&m=103470282514938&w=2
Source: DEBIAN
Link: http://www.debian.org/security/2003/dsa-225
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/10376
Source: BID
Link: http://www.securityfocus.com/bid/6562
Source: CONFIRM