Request vulnerability CVE-2014-0227 reported across all Tomcat release lines
CVE-2014-0227 Request Smuggling
Severity: Important!
Affected versions:
- Apache Tomcat 8.0.0-RC1 to 8.0.8
- Apache Tomcat 7.0.0 to 7.0.54
- Apache Tomcat 6.0.0 to 6.0.41
Vulnerability description: A chunked request containing a malformed chunk could cause Tomcat to read part of the request body as a new request.
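The failure mode described above, seen from the defensive side as an added example (not Tomcat's code and not taken from the Apache advisory): a strict chunked-body decoder that rejects any malformed chunk and, on rejection, closes the connection so the leftover bytes are never parsed as a new request. The names `decode_chunked`, `handle_body` and `MalformedChunk` and the sample inputs are constructed for illustration.

```python
# Added illustration, not Tomcat code; all names here are hypothetical.
import re

_HEX = re.compile(rb"[0-9A-Fa-f]{1,8}")  # hex digits only, bounded length

class MalformedChunk(ValueError):
    """Raised on any deviation from the chunked framing."""


def decode_chunked(buf: bytes) -> tuple:
    """Return (body, bytes_consumed) or raise MalformedChunk."""
    body, pos = bytearray(), 0
    while True:
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedChunk("chunk-size line not terminated by CRLF")
        size_field = buf[pos:eol].split(b";", 1)[0]  # ignore chunk extensions
        if not _HEX.fullmatch(size_field):
            raise MalformedChunk(f"bad chunk size {size_field!r}")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            break
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise MalformedChunk("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    while True:  # trailer section: header lines up to an empty line
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            raise MalformedChunk("unterminated trailer section")
        line, pos = buf[pos:eol], eol + 2
        if not line:
            return bytes(body), pos


def handle_body(buf: bytes) -> dict:
    """Decide what may happen on the connection after reading the body."""
    try:
        body, used = decode_chunked(buf)
    except MalformedChunk as exc:
        # Fail closed: 400, close, and never parse the leftover bytes.
        return {"status": 400, "keep_alive": False, "next": b"", "error": str(exc)}
    return {"status": 200, "keep_alive": True, "next": buf[used:], "body": body}

if __name__ == "__main__":
    # Constructed inputs: a valid body, then one with a non-hex chunk size.
    print(handle_body(b"5\r\nhello\r\n0\r\n\r\n"))
    print(handle_body(b"5\r\nhello\r\nZZ\r\nleftover"))
```

Only a cleanly terminated body leaves the connection reusable; in every error case `next` is empty and `keep_alive` is false.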
Mitigation:
- Upgrade to Apache Tomcat 8.0.9 or later
- Upgrade to Apache Tomcat 7.0.55 or later
- Upgrade to Apache Tomcat 6.0.43 or later (6.0.42 contains the fix but was not released)
Official announcement:
Source: http://www.oschina.net/news/59546/tomcat-cve-2014-0227
http://mail-archives.apache.org/mod_mbox/www-announce/201502.mbox/%3C54D87A0F.7010400@apache.org%3E
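This article was uploaded and shared by user jopen, for study and discussion only. All rights belong to the original author; if your rights have been infringed, please contact the administrator.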