资产安全
商业安全
安全服务
返回- 漏洞ID:1115884
- 漏洞类型:路径遍历
- 发布日期:2008-08-11
- 更新时间:2015-04-13
- CVE编号: CVE-2008-2938
- CNNVD-ID:CNNVD-200808-165
- 漏洞平台:Multiple
- CVSS评分:4.3
<a href="https://www.exploit-db.com/exploits/6229" target="_blank">https://www.exploit-db.com/exploits/6229</a><br/> <a href="https://www.securityfocus.com/bid/30633" target="_blank">https://www.securityfocus.com/bid/30633</a><br/> <a href="https://cxsecurity.com/issue/WLB-2008080039" target="_blank">https://cxsecurity.com/issue/WLB-2008080039</a><br/> <a href="http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200808-165" target="_blank">http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200808-165</a><br/>
ApacheTomcat是一个流行的开放源码的JSP应用服务器程序。Tomacat4.1.0至4.1.37,5.5.0至5.5.26,6.0.0至6.0.16中均存在目录遍历漏洞。当启用allowLinking及UTF-8时,Tomcat在处理请求的编码时存在漏洞,远程攻击者可通过提交包含经编码的目录路径,读取服务器上的任意文件。
来源:US-CERT
名称:VU#343355
链接:http://www.kb.cert.org/vuls/id/343355
来源:tomcat.apache.org
链接:http://tomcat.apache.org/security-6.html
来源:FEDORA
名称:FEDORA-2008-8130
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
来源:FEDORA
名称:FEDORA-2008-8113
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
来源:FEDORA
名称:FEDORA-2008-7977
链接:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
来源:XF
名称:tomcat-allowlinking-utf8-directory-traversal(44411)
链接:http://xforce.iss.net/xforce/xfdb/44411
来源:SECTRACK
名称:1020665
链接:http://www.securitytracker.com/id?1020665
来源:BID
名称:31681
链接:http://www.securityfocus.com/bid/31681
来源:BID
名称:30633
链接:http://www.securityfocus.com/bid/30633
来源:BUGTRAQ
名称:20080811ApacheTomcat<=6.0.18UTF8DirectoryTraversalVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/495318/100/0/threaded
来源:REDHAT
名称:RHSA-2008:0864
链接:http://www.redhat.com/support/errata/RHSA-20
微信扫码关注公众号
