资产安全
商业安全
安全服务
返回- 漏洞ID:1115814
- 漏洞类型:路径遍历
- 发布日期:2008-08-01
- 更新时间:2015-05-07
- CVE编号: CVE-2008-2370
- CNNVD-ID:CNNVD-200808-030
- 漏洞平台:Multiple
- CVSS评分:5.0
<a href="https://www.exploit-db.com/exploits/32137" target="_blank">https://www.exploit-db.com/exploits/32137</a><br/> <a href="https://www.securityfocus.com/bid/30494" target="_blank">https://www.securityfocus.com/bid/30494</a><br/> <a href="https://cxsecurity.com/issue/WLB-2008080107" target="_blank">https://cxsecurity.com/issue/WLB-2008080107</a><br/> <a href="http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200808-030" target="_blank">http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200808-030</a><br/>
Apache Tomcat是一个流行的开放源码的JSP应用服务器。 在使用RequestDispatcher时,删除查询字符串之前会规则化目标路径,这导致远程攻击者可以通过向Apache Tomcat服务器提交包包含..查询请求,使得其可以读取系统上的任意文件。
来源:BID
名称:30494
链接:http://www.securityfocus.com/bid/30494
来源:FEDORA
名称:FEDORA-2008-8130
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
来源:FEDORA
名称:FEDORA-2008-8113
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
来源:FEDORA
名称:FEDORA-2008-7977
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
来源:XF
名称:tomcat-requestdispatcher-info-disclosure(44156)
链接:http://xforce.iss.net/xforce/xfdb/44156
来源:VUPEN
名称:ADV-2009-2215
链接:http://www.vupen.com/english/advisories/2009/2215
来源:VUPEN
名称:ADV-2009-1535
链接:http://www.vupen.com/english/advisories/2009/1535
来源:VUPEN
名称:ADV-2009-0503
链接:http://www.vupen.com/english/advisories/2009/0503
来源:CONFIRM
名称:http://www.vmware.com/security/advisories/VMSA-2009-0002.html
链接:http://www.vmware.com/security/advisories/VMSA-2009-0002.html
来源:SECTRACK
名称:1020623
链接:http://www.securitytracker.com/id?1020623
来源:BID
名称:31681
链接:http://www.securityfoc
微信扫码关注公众号
