BUGTRAQ ID: 31698
CVE ID: CVE-2008-3271
CNCVE ID: CNCVE-20083271
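Apache Tomcat is a popular open-source JSP application server.
Apache Tomcat has a security bypass issue in its handling of the 'RemoteFilterValve' extension. A remote attacker can exploit the vulnerability to bypass access restrictions and obtain sensitive information.
When RemoteAddrValve is used to allow only certain addresses to access the engine: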
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/>
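Because of a synchronization problem in the IP address check, users coming from IP addresses that are not allowed can access content protected by valves that extend RemoteFilterValve.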
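To find which containers rely on this valve as their access control, the following added example (not part of the original advisory or of Tomcat) lists the request-filter valves in a server.xml together with the container each one protects. The sample configuration is constructed, and treating RemoteHostValve as sharing the affected filter base class is an assumption.

```python
import xml.etree.ElementTree as ET

# Valves to report. RemoteAddrValve is the one named in the advisory;
# RemoteHostValve is included on the assumption that it shares the same base class.
FILTER_VALVES = {
    "org.apache.catalina.valves.RemoteAddrValve",
    "org.apache.catalina.valves.RemoteHostValve",
}

# Constructed sample server.xml (not from the advisory).
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.0.2.10"/>
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"/>
        <Context path="/admin" docBase="admin">
          <Valve className="org.apache.catalina.valves.RemoteHostValve" deny=".*\.example\.net"/>
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>"""

def find_filter_valves(xml_text):
    """Return one record per request-filter valve, with the container it protects."""
    findings = []

    def walk(elem, path):
        name = elem.get("name") or elem.get("path")
        here = path + [elem.tag + ("[" + name + "]" if name else "")]
        for child in elem:
            if child.tag == "Valve" and child.get("className") in FILTER_VALVES:
                findings.append({
                    "scope": "/".join(here),  # Engine, Host or Context that holds the valve
                    "valve": child.get("className").rsplit(".", 1)[1],
                    "allow": child.get("allow"),
                    "deny": child.get("deny"),
                })
            else:
                walk(child, here)

    walk(ET.fromstring(xml_text), [])
    return findings

if __name__ == "__main__":
    for f in find_filter_valves(SAMPLE_SERVER_XML):
        print(f["scope"], f["valve"], "allow=%s deny=%s" % (f["allow"], f["deny"]))
```

Every scope reported on an affected version holds content whose address restriction cannot be relied on until the server is updated or the restriction is also enforced elsewhere.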
FUJITSU Interstage products are currently affected by this vulnerability.
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Job Workload Server 8.1
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu iNTERSTAGE Application Server Standard Edition 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Apache Software Foundation Tomcat 5.0
Apache Software Foundation Tomcat 4.1.31
Apache Software Foundation Tomcat 4.1.30
Apache Software Foundation Tomcat 4.1.29
Apache Software Foundation Tomcat 4.1.28
Apache Software Foundation Tomcat 4.1.24