How do I update to fix the multiple security vulnerabilities in Apache Tomcat DIGEST authentication?
1 answer
2015-01-13 · Baidu Zhidao partner, Internet expert
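Apache Tomcat is a popular open-source JSP application server.
Apache Tomcat 7.0.0-7.0.27, 6.0.0-6.0.35, and 5.5.0-5.5.35 contain multiple security vulnerabilities. Successful exploitation allows an attacker to bypass security restrictions and perform unauthorized operations.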
Description
A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
1) An error within the “parseHeaders()” function (InternalNioInputBuffer.java) when parsing request headers does not properly verify the permitted size and can be exploited to trigger an OutOfMemoryError exception via specially crafted headers.
This vulnerability is reported in versions 6.0.0-6.0.35 and 7.0.0-7.0.27.
2) An error within the DIGEST authentication mechanism does not properly check server nonces.
This weakness is reported in versions 5.5.0-5.5.35, 6.0.0-6.0.35, and 7.0.0-7.0.29.
Solution
Update to version 5.5.36, 6.0.36, or 7.0.30.