3 matches found
Apache Tomcat JK Web Server Connector双重编码“..”绕过安全限制漏洞
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在处理畸形编码的文件请求时存在漏洞,远程攻击者可能利用此漏洞绕过访问限制。 Apache Tomcat用于连接tomcat和apache之间的连接器JK Web Server Connector没有正确处理URL中双重编码的“..”字串。如果多个组件(防火墙、缓存、代理和Tomcat)处理一个请求的话,这些组件不应迭代的多次解码请求URL,否则就可能绕过最后一个组件之前所实施的访问控制规则。 默认下modjk解码Apache...
CVE-2002-1895
The vulnerability CVE-2002-1895 affects the Tomcat servlet engine in versions 3.3 and 4.0.4 when used with IIS and the ajp1.3 connector. Affected component: servlet engine; issue: remote attackers can trigger a denial of service (crash) by issuing a large sequence of HTTP GET requests for MS-DOS ...
CVE-2002-1895
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service crash via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN...