Apache Struts未明跨站脚本漏洞

BUGTRAQ ID: 34399 CVE ID：CVE-2008-2025 CNCVE ID：CNCVE-20082025 Apache Struts是一款建立Java web应用程序的开放源代码架构。 Apache Struts存在跨站脚本攻击，远程攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 Apache Software Foundation Struts 2.0.12 Apache Software Foundation Struts 2.0.11 .2 Apache Software Foundation Struts 2.0.9 Apache Softwar...

XWork 'ParameterInterceptor'类OGNL安全绕过漏洞

BUGTRAQ ID: 32101 CNCAN ID：CNCAN-2008110505 XWork是一款命令模式框架，用于支持Struts 2及其他应用。 XWork存在设计问题，远程攻击者可以利用漏洞绕过安全限制，操作服务端上下文对象。 XWork ParametersInterceptor实现存在安全绕过问题，OGNL是复杂的语言提供大量特性，如使用表达式评估： http://www.ognl.org/2.6.9/Documentation/html/LanguageGuide/expressionEvaluation.html...

[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-2938: Apache Tomcat information disclosure vulnerability - Updated Severity: Important was moderate Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported...

Apache Tomcat UTF-8目录遍历漏洞

BUGTRAQ ID:30633 CVE ID：CVE-2008-2938 CNCVE ID：CNCVE-20082938 Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。。 Apache Tomcat不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB服务程序上下文查看任意本地文件。 此漏洞发生是由于JAVA处理输入存在问题，如果context.xml或server.xml允许'allowLinking'和'URIencoding'为'UTF-8'，攻击者可以以WEB权限获得重要的系统文件内容。 Apache Software Foundation Tomca...

CVE-2008-2939

Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory...

CVE-2008-1947.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-1947: Tomcat host-manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.9 to 5.5.26 Tomcat 6.0.0 to 6.0.16 This issue has been fixed in the source repositories for each version and will b...

Apache Tomcat 'allowLinking' URI中接收NULL字节信息泄漏漏洞

Tomcat是一款由Apache软件基金会下属的Jakarta项目开发的一个Servlet容器。 当配置'allowlingk'时Apache Tomcat HTTP/1.0 connector不正确处理URI中的NULL字节，远程攻击者可以利用漏洞获得JSP源代码敏感信息。 目前没有详细漏洞细节提供。 Apache Software Foundation Tomcat 4.1.37 Apache Software Foundation Tomcat 4.1.36 Apache Software Foundation Tomcat 4.1.36 Apache Software...

[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Debian: Security Advisory (DSA-689-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache 'mod_proxy_balancer'存在多个漏洞

BUGTRAQ ID: 27236 CVE ID:CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6423 CNCVE ID:CNCVE-20076420 CNCVE-20076421 CNCVE-20076422 CNCVE-20076423 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxybalancer模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本，CSRF，拒绝服务等攻击。 1，由于所有行为通过GET访问执行，存在“CSRF”攻击。...

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Apache Tomcat Host Manager Servlet跨站脚本漏洞

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat主机管理器Servlet不正确过滤用户提交的数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 攻击者可以构建恶意WEB页，诱使用户访问来触发，可获得目标用户敏感信息。 Apache Software Foundation Tomcat 6.0.13 Apache Software Foundation Tomcat 6.0.12 Apache Software Foundation Tomcat 6.0.11 Apache Software Foundation Tomcat...

CVE-2007-3385: Handling of \" in cookies

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3385: Handling of " in cookies Severity: Low Session Hi-jacking Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 5.0.0 to 5.0.30 4.1.0 to 4.1.36 3.3 to 3.3.2 Description: Tomcat incorrectly handles the...

Apache Tomcat错误消息报告跨站脚本漏洞

CVE ID:CVE-2007-3384 CNCVE ID:CNCVE-20073384 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 当报告错误消息时，在显示前Tomcat没有正确过滤用户提供的数据，可导致跨站脚本攻击，攻击者诱使用户访问可导致获得敏感信息。 Apache Software Foundation Tomcat 3.3.2 Apache Software Foundation Tomcat 3.3.1 a Apache Softwar...

Apache HTTP Server Mod_Cache拒绝服务漏洞

Apache HTTP Server是一款开放源代码的WEB服务程序。 Apache HTTP Server包含的Modcache存在设计错误，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 如果Cache-Control头字段数据s-maxage, max-age, min-fresh, max-stale其中一个值不赋值，那么Modcache模块在解析的时候可导致应用程序崩溃，造成拒绝服务攻击。 RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5...

[CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1358: Apache Tomcat XSS vulnerability in Accept-Language header processing Severity: Low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.34 Tomcat 5.0.0 to 5.0.30 Tomcat...

CVE-2007-2449.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples Severity: low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.2...