文件上传组件导致 Tomcat 7&8 DoS 安全漏洞
文件上传组件导致 Tomcat 7&8 DoS 安全漏洞
由于 Apache Commons Fileupload 文件上传组件的问题,导致全系的 Tomcat 版本存在 DoS 安全漏洞。所影响的版本包括:
- - Commons FileUpload 1.0 to 1.3 - - Apache Tomcat 8.0.0-RC1 to 8.0.1 - - Apache Tomcat 7.0.0 to 7.0.50 - - Apache Tomcat 6 and earlier are not affected
解决该漏洞的方法:
- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes
该漏洞的详细描述请看这里。
Tomcat 的详细介绍:请点这里
Tomcat 的下载地址:请点这里
Linux下Apache与多个Tomcat 集群负载均衡
Nginx Tomcat 集群负载均衡解决笔记
实例详解Tomcat组件安装+Nginx反向代理Tomcat+Apache使用mod_jk和mod_proxy反向代理和负载均衡
Apache+Tomcat 环境搭建(JK部署过程)
深入剖析Tomcat PDF
评论暂时关闭