<\/wbr>tw<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"\u6559\u80b2\u6a5f\u69cbANA\u901a\u5831\u5e73\u53f0 \u767c\u4f48\u7de8\u865f TACERT-ANA-2020042112041515 \u767c\u4f48\u6642\u9593 2020-04-21 12:50:15 \u4e8b\u6545\u985e\u578b ANA-\u6f0f\u6d1e\u9810\u8b66 \u767c\u73fe\u6642\u9593 2020-04-20 12:50:15 \u5f71\u97ff\u7b49\u7d1a \u4f4e [\u4e3b\u65e8\u8aaa\u660e:]\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Tomcat \u7db2\u7ad9\u4f3a\u670d\u5668\u5177\u6709\u8cc7\u8a0a\u5916\u6d29\u7684\u6f0f\u6d1e(CVE-2020-1938 and CNVD-2020-10487)\uff0c\u8acb\u5404\u55ae\u4f4d\u5118\u901f\u78ba\u8a8d\u4e26\u66f4\u65b0\u4fee\u88dc\u3002 [\u5167\u5bb9\u8aaa\u660e:]<\/p>\n
Apache Tomcat\u7db2\u7ad9\u4f3a\u670d\u5668\u5728\u7248\u672c9.x\u30018.x\u82077.x\u4e2d\uff0c\u5b58\u5728\u6f0f\u6d1e(CVE-2020-1938 and CNVD-2020-10487)\u3002<\/p>\n
\u8a72\u6f0f\u6d1e\u53ef\u80fd\u5141\u8a31\u8b80\u5bebTomcat\u7684webapp\u76ee\u9304\u4e2d\u7684\u6587\u4ef6\u3002<\/p>\n
Apache Tomcat\u7db2\u7ad9\u4f3a\u670d\u5668\u662f\u53ef\u904b\u884cJava\u4ee3\u78bc\u7684\u958b\u6e90Web\u670d\u52d9\u5668\u3002\u7531\u65bc\u6240\u4f7f\u7528\u7684AJP(Apache JServ Protocol)\u5354\u8b70\u8a2d\u8a08\u4e0a\u5b58\u5728\u7f3a\u9677\uff0c\u653b\u64ca\u8005\u53ef\u5229\u7528\u9810\u8a2d\u958b\u555f\u4e14\u672a\u8a2d\u5b9a\u5916\u90e8\u5b58\u53d6\u7684AJP\u670d\u52d9(\u9810\u8a2d\u70ba8009\u901a\u8a0a\u57e0)\uff0c\u9054\u5230\u9060\u7aef\u6307\u4ee4\u57f7\u884c(Romote Code Execution, RCE)\u4e4b\u76ee\u7684\uff1b\u67e5\u770b\u3001\u66f4\u6539\u3001\u522a\u9664\u6578\u64da\u6216\u5efa\u7acb\u5177\u6709\u5b8c\u6574\u6b0a\u9650\u7684\u65b0\u5e33\u6236\u7b49\u3002\u6b64\u5916\uff0c\u5982\u679c\u7db2\u7ad9\u61c9\u7528\u7a0b\u5e8f\u5141\u8a31\u7528\u6236\u4e0a\u50b3\u6587\u4ef6\uff0c\u5247\u653b\u64ca\u8005\u53ef\u80fd\u6703\u5c07\u5305\u542b\u60e1\u610f\u4ee3\u78bc\u7684\u6587\u4ef6\u4e0a\u50b3\u5230\u4f3a\u670d\u5668\uff0c\u4f7f\u8a72\u7cfb\u7d71\u6210\u70ba\u60e1\u610f\u7a0b\u5f0f\u4e0b\u8f09\u7ad9(Download Site)\u3002<\/p>\n<\/p>\n
\u60c5\u8cc7\u5206\u4eab\u7b49\u7d1a: WHITE(\u60c5\u8cc7\u5167\u5bb9\u70ba\u53ef\u516c\u958b\u63ed\u9732\u4e4b\u8cc7\u8a0a)<\/p>\n
\u6b64\u8a0a\u606f\u50c5\u767c\u9001\u5230\u300c\u5340\u7e23\u5e02\u7db2\u8def\u4e2d\u5fc3\u300d\uff0c\u7169\u8acb\u8cb4\u55ae\u4f4d\u5354\u52a9\u516c\u544a\u6216\u8f49\u767c [\u5f71\u97ff\u5e73\u53f0:]<\/p>\n
\u4f7f\u7528Tomcat\u4f5c\u70ba\u7db2\u7ad9\u4f3a\u670d\u5668\uff0c\u4e14\u7248\u672c\u70ba:<\/p>\n
Apache Tomcat 9.x < 9.0.31<\/p>\n
Apache Tomcat 8.x < 8.5.51<\/p>\n
Apache Tomcat 7.x < 7.0.100<\/p>\n
Apache Tomcat […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/16485"}],"collection":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=16485"}],"version-history":[{"count":0,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/16485\/revisions"}],"wp:attachment":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=16485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=16485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=16485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}