{"id":6904,"date":"2011-09-26T11:12:22","date_gmt":"2011-09-26T03:12:22","guid":{"rendered":"https:\/\/aqzt.com\/6904.html"},"modified":"2011-09-26T11:12:22","modified_gmt":"2011-09-26T03:12:22","slug":"tomcat-%e5%8f%88%e7%88%86%e5%ae%89%e5%85%a8%e6%bc%8f%e6%b4%9e%ef%bc%8c%e6%83%85%e4%bd%95%e4%bb%a5%e5%a0%aa","status":"publish","type":"post","link":"https:\/\/aqzt.com\/6904.html","title":{"rendered":"Another Tomcat security vulnerability exposed: how much more can we take"},"content":{"rendered":"<p><a href=\"https:\/\/www.oschina.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Article reposted from OSChina<\/a><\/p>\n<p>CVE-2011-1184 Apache Tomcat &#8211; Multiple weaknesses in HTTP DIGEST authentication<\/p>\n<p>Severity: Moderate<\/p>\n<p>Versions affected:<br \/>- Tomcat 7.0.0 to 7.0.11<br \/>- Tomcat 6.0.0 to 6.0.32<br \/>- Tomcat 5.5.0 to 5.5.33<br \/>- Earlier, unsupported versions may also be affected<\/p>\n<p>Vulnerability description:<br \/>The implementation of HTTP DIGEST authentication was discovered to have several weaknesses:<br \/>- replay attacks were permitted<br \/>- server nonces were not checked<br \/>- client nonce counts were not checked<br \/>- qop values were not checked<br \/>- realm values were not checked<br \/>- the server secret was hard-coded to a known string<br \/>The result of these weaknesses is that DIGEST authentication was only as secure as BASIC authentication.<\/p>\n<p>Solution:<br \/>Users of Tomcat 7.0.x should upgrade to 7.0.12 or later<br \/>Users of Tomcat 6.0.x should upgrade to 6.0.33 or later<br \/>Users of Tomcat 5.5.x should upgrade to 5.5.34 or later<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article reposted from OSChina CVE-2011-1184 Apache Tomcat &#8211; 
Multiple weaknesses in HTTP DIGEST authentication Severity: Moderate Versions affected: - Tomcat 7.0.0 to 7.0.11 - Tomcat 6.0.0 to 6.0.32 - Tomcat 5.5.0 to 5.5.33 - Earlier, unsupported<\/p>\n","protected":false},"author":1,"featured_media":6522,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[27],"tags":[292,11],"collection":[],"_links":{"self":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts\/6904"}],"collection":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/comments?post=6904"}],"version-history":[{"count":0,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/posts\/6904\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/media\/6522"}],"wp:attachment":[{"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/media?parent=6904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/categories?post=6904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/tags?post=6904"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/aqzt.com\/wp-json\/wp\/v2\/collection?post=6904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}