Tomcat 今天又爆出两个新的重要的漏洞,这两个漏洞分别是:
在岚县等地区,都构建了全面的区域性战略布局,加强发展的系统性、市场前瞻性、产品创新能力,以专注、极致的服务理念,为客户提供成都网站设计、成都网站建设 网站设计制作按需定制开发,公司网站建设,企业网站建设,成都品牌网站建设,成都全网营销推广,外贸网站制作,岚县网站建设费用合理。
CVE-2011-337***pache Tomcat Information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
◆ Tomcat 7.0.0 to 7.0.21
◆ Tomcat 6.0.30 to 6.0.33
◆ Earlier versions are not affected
Description:
For performance reasons, information parsed from a request is often
cached in two places: the internal request object and the internal
processor object. These objects are not recycled at exactly the same time.
When certain errors occur that needed to be added to the access log, the
access logging process triggers the re-population of the request object
after it has been recycled. However, the request object was not recycled
before being used for the next request. That lead to information leakage
(e.g. remote IP address, HTTP headers) from the previous request to the
next request.
The issue was resolved be ensuring that the request and response objects
were recycled after being re-populated to generate the necessary access
log entries.
解决的办法:
◆ Tomcat 7.0.x 用户应该升级到 7.0.22 或者更新版本
◆ Tomcat 6.0.x 应该升级到 6.0.35 或更新版本
CVE-2012-0022 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
◆ Tomcat 7.0.0 to 7.0.22
◆ Tomcat 6.0.0 to 6.0.33
◆ Tomcat 5.5.0 to 5.5.34
◆ Earlier, unsupported versions may also be affected
Description:
Analysis of the recent hash collision vulnerability identified unrelated
inefficiencies with Apache Tomcat's handling of large numbers of
parameters and parameter values. These inefficiencies could allow an
attacker, via a specially crafted request, to cause large amounts of CPU
to be used which in turn could create a denial of service.
The issue was addressed by modifying the Tomcat parameter handling code
to efficiently process large numbers of parameters and parameter values.
Mitigation:
Users of affected versions should apply one of the following mitigations:
◆ Tomcat 7.0.x users should upgrade to 7.0.23 or later
◆ Tomcat 6.0.x users should upgrade to 6.0.35 or later
◆ Tomcat 5.5.x users should upgrade to 5.5.35 or later
本文题目:Tomcat又爆出两个重要漏洞
浏览路径:http://www.shufengxianlan.com/qtweb/news25/555075.html
网站建设、网络推广公司-创新互联,是专注品牌与效果的网站制作,网络营销seo公司;服务项目有等
声明:本网站发布的内容(图片、视频和文字)以用户投稿、用户转载内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-86922220;邮箱:631063699@qq.com。内容未经允许不得转载,或转载时需注明来源: 创新互联