CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
Severity: Moderate
Versions affected:
- Tomcat 7.0.0 to 7.0.11
- Tomcat 6.0.0 to 6.0.32
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected
Description: The implementation of HTTP DIGEST authentication was discovered to have several weaknesses:
- replay attacks were permitted
- server nonces were not checked
- client nonce counts were not checked
- qop values were not checked
- realm values were not checked
- the server secret was hard-coded to a known string

The result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication.
Mitigation:
- Users of Tomcat 7.0.x should upgrade to 7.0.12 or later
- Users of Tomcat 6.0.x should upgrade to 6.0.33 or later
- Users of Tomcat 5.5.x should upgrade to 5.5.34 or later