Lucene search
K

3 matches found

seebug.org
seebug.org
added 2007/05/27 12:0 a.m.40 views

Apache Tomcat JK Web Server Connector双重编码“..”绕过安全限制漏洞

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在处理畸形编码的文件请求时存在漏洞,远程攻击者可能利用此漏洞绕过访问限制。 Apache Tomcat用于连接tomcat和apache之间的连接器JK Web Server Connector没有正确处理URL中双重编码的“..”字串。如果多个组件(防火墙、缓存、代理和Tomcat)处理一个请求的话,这些组件不应迭代的多次解码请求URL,否则就可能绕过最后一个组件之前所实施的访问控制规则。 默认下modjk解码Apache...

7.1AI score
Exploits0
CVE
CVE
added 2005/06/28 4:0 a.m.54 views

CVE-2002-1895

The vulnerability CVE-2002-1895 affects the Tomcat servlet engine in versions 3.3 and 4.0.4 when used with IIS and the ajp1.3 connector. Affected component: servlet engine; issue: remote attackers can trigger a denial of service (crash) by issuing a large sequence of HTTP GET requests for MS-DOS ...

5CVSS7.1AI score0.03879EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.27 views

CVE-2002-1895

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service crash via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN...

6.7AI score0.03879EPSS
Exploits1References6
Rows per page
Query Builder