影响的版本包括: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41
漏洞描述:chucked 请求包含一个受损的 chunk 可能导致 Tomcat 读取部分请求的 body 做为一个新请求。
解决办法: - - Upgrade to Apache Tomcat 8.0.9 or later - - Upgrade to Apache Tomcat 7.0.55 or later - - Upgrade to Apache Tomcat 6.0.43 or later (6.0.42 contains the fix but was not released)官方消息: http://mail-archives.apache.org/mod_mbox/www-announce/201502.mbox/%3C54D87A0F.7010400@apache.org%3ELinux下Apache与多个Tomcat 集群负载均衡 http://www.linuxidc.com/Linux/2012-01/51731.htmNginx Tomcat 集群负载均衡解决笔记 http://www.linuxidc.com/Linux/2013-07/86827.htm实例详解Tomcat组件安装+Nginx反向代理Tomcat+Apache使用mod_jk和mod_proxy反向代理和负载均衡 http://www.linuxidc.com/Linux/2013-06/85290.htmCentOS 6.5下利用Rsyslog+LogAnalyzer+MySQL部署日志服务器 http://www.linuxidc.com/Linux/2014-06/103836.htmApache+Tomcat 环境搭建(JK部署过程) http://www.linuxidc.com/Linux/2012-11/74474.htmTomcat 的详细介绍:请点这里 Tomcat 的下载地址:请点这里
易网时代-编程资源站