RootSSV:4199Apache Tomcat 'RemoteFilterValve'安全绕过漏洞
0.002 Low
EPSS
Percentile
59.7%
BUGTRAQ ID: 31698
CVE ID:CVE-2008-3271
CNCVE ID:CNCVE-20083271
Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。
Apache Tomcat处理’RemoteFilterValve’扩展存在安全绕过问题,远程攻击者可以利用漏洞绕过访问限制,获得敏感信息。
在使用RemoteAddrValve允许部分地址访问引擎时:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/>
由于在检查IP地址时存在同步问题,允许来自非允许IP地址的用户对RemoteFilterValve延伸的保护内容进行访问。
FUJITSU Interstage产品目前受此漏洞影响。
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Job Workload Server 8.1
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu iNTERSTAGE Application Server Standard Edition 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Apache Software Foundation Tomcat 5.0
Apache Software Foundation Tomcat 4.1.31
Apache Software Foundation Tomcat 4.1.30
Apache Software Foundation Tomcat 4.1.29
Apache Software Foundation Tomcat 4.1.28
Apache Software Foundation Tomcat 4.1.24
- Gentoo Linux 1.4 _rc3
- Gentoo Linux 1.4 _rc2
- Gentoo Linux 1.4 _rc1
- Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.1.12
Apache Software Foundation Tomcat 4.1.10
Apache Software Foundation Tomcat 4.1.3 beta
Apache Software Foundation Tomcat 4.1.3
Apache Software Foundation Tomcat 4.1
Apache Software Foundation Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8
- Sun Solaris 7.0
Apache Software Foundation Tomcat 5.0
升级到最新版本:
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.0.1
Apache Software Foundation Tomcat 4.1.32
<a href=“http://tomcat.apache.org/” target=“_blank”>http://tomcat.apache.org/</a>
Related
