{"id":6860,"date":"2011-07-14T11:12:22","date_gmt":"2011-07-14T03:12:22","guid":{"rendered":"https:\/\/aqzt.com\/6860.html"},"modified":"2011-07-14T11:12:22","modified_gmt":"2011-07-14T03:12:22","slug":"%e8%af%a5%e6%ad%bb%ef%bc%8ctomcat-%e5%85%a8%e7%b3%bb%e5%8f%88%e7%88%86%e5%ae%89%e5%85%a8%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/aqzt.com\/6860.html","title":{"rendered":"Damn, Another Security Vulnerability Hits the Entire Tomcat Line"},"content":{"rendered":"<p><a href=\"https:\/\/www.oschina.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Article reposted from OSChina<\/a><\/p>\n<p>According to a message on the Tomcat mailing list, the entire Tomcat line has been hit by yet another security vulnerability.<\/p>\n<p>CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities<br \/>&nbsp;<br \/>Severity: Low<\/p>\n<p>The vulnerability affects all current Tomcat versions, without exception. The Tomcat development team says fixed releases will be published soon.<\/p>\n<p>But don't panic: the vulnerability exists only under the following conditions:<\/p>\n<p>a) untrusted web applications are being used<br \/>b) the SecurityManager is used to limit the untrusted web applications <br \/>c) the HTTP NIO or HTTP APR connector is used <br \/>d) sendfile is enabled for the connector (this is the default)<\/p>\n<p>Vulnerability description:<\/p>\n<p>Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request attributes were not validated. 
When running under a security manager, this lack of validation allowed a malicious web application to do one or more of the following that would normally be prevented by a security manager: a) return files to users that the security manager should make inaccessible b) terminate (via a crash) the JVM<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article reposted from OSChina. According to a message on the Tomcat mailing list, the entire Tomcat line has been hit by yet another security vulnerability. CVE-2011-2526: Apache Tomcat Information disclosure and availability vulnerabilities&nbsp;Severity: Low. The vulnerability affects all current Tomcat versions, without exception. The Tomcat development team says fixed releases will be published soon. But don't panic: the vulnerability exists only under the following conditions: a) untrusted web applications are being 
usedb<\/p>\n","protected":false},"author":1,"featured_media":6522,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[27],"tags":[292,9,85,11],"collection":[],"_links":{"self":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts\/6860"}],"collection":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/comments?post=6860"}],"version-history":[{"count":0,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts\/6860\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/media\/6522"}],"wp:attachment":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/media?parent=6860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/categories?post=6860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/tags?post=6860"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/collection?post=6860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}