Novell Sentinel Log Manager Multiple Tomcat Servlets Missing Authentication Vulnerability
Release date: 2010-07-29
Update date: 2010-08-10
Affected systems:
Novell Sentinel Log Manager 1.1.0.1
Novell Sentinel Log Manager 1.1.0.0
Novell Sentinel Log Manager 1.0.0.5
Novell Sentinel Log Manager 1.0.0.4
Unaffected systems:
Novell Sentinel Log Manager 1.1.0.2
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 42271
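Novell Sentinel Log Manager is a log management product.
The fileDownload and reportPluginUpload Tomcat servlets in Novell Sentinel Log Manager allow users to make privileged requests to them without authentication. A remote attacker can cause arbitrary code execution by submitting HTTP requests.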
<*Source: 1c239c43f521145fa8385d64a9c32243
Links: http://secunia.com/advisories/40711/
http://www.zerodayinitiative.com/advisories/ZDI-10-143/
*>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's website:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078470.html