5 matches found
Important: Red Hat Security Advisory: jakarta-commons-collections security update
Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
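Apache Tomcat Security Restriction Bypass Vulnerability
BUGTRAQ ID: 65773 CVECAN ID: CVE-2013-4286 Apache Tomcat is a popular open-source JSP application server. Tomcat versions 8.0.0-RC1 - 8.0.0-RC5, 7.0.0 - 7.0.47, and 6.0.0 - 6.0.37 contain an incomplete fix for CVE-2005-2090, which remote attackers can exploit to poison web caches, evade IDS signatures, and launch cross-site scripting, HTML injection, session hijacking and other attacks. 0 Apache Group Tomcat 8.0.0-RC1 - 8.0.0-RC5 Apache Group Tomcat 7.0.0 - 7.0.47 Apache...
Apache Tomcat JK Web Server Connector Double-Encoded “..” Security Restriction Bypass Vulnerability
Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has a vulnerability in its handling of file requests with malformed encoding, which remote attackers may exploit to bypass access restrictions. The JK Web Server Connector, which connects Tomcat to Apache, does not correctly handle double-encoded “..” strings in URLs. If multiple components (firewall, cache, proxy and Tomcat) process a request, those components should not iteratively decode the request URL multiple times; otherwise the access control rules enforced before the last component may be bypassed. By default, modjk decodes Apache...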
CVE-2002-1895
The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN...
CVE-2002-1895
The vulnerability CVE-2002-1895 affects the Tomcat servlet engine in versions 3.3 and 4.0.4 when used with IIS and the ajp1.3 connector. Affected component: servlet engine; issue: remote attackers can trigger a denial of service (crash) by issuing a large sequence of HTTP GET requests for MS-DOS ...