乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-06-09: 细节已通知厂商并且等待厂商处理中 2013-06-14: 厂商已经确认,细节仅向厂商公开 2013-06-24: 细节向核心白帽子及相关领域专家公开 2013-07-04: 细节向普通白帽子公开 2013-07-14: 细节向实习白帽子公开 2013-07-24: 细节向公众公开
奥迪分站Apache Struts命令执行
http://contact.audi.cn/m/dealer/msizes!seljxs.action
网站物理路径: /www/audicontactjava.home: /usr/java/jdk1.5.0_16/jrejava.version: 1.5.0_16os.name: Linuxos.arch: i386os.version: 2.6.18-92.el5user.name: tomcatuser.home: /home/tomcatuser.dir: /home/tomcatjava.class.version: 49.0java.class.path: :/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/commons-logging-api.jarjava.library.path: /usr/java/jdk1.5.0_16/jre/lib/i386/server:/usr/java/jdk1.5.0_16/jre/lib/i386:/usr/java/jdk1.5.0_16/jre/../lib/i386file.separator: /path.separator: :java.vendor: Sun Microsystems Inc.java.vendor.url: http://java.sun.com/java.vm.specification.version: 1.0java.vm.specification.vendor: Sun Microsystems Inc.java.vm.specification.name: Java Virtual Machine Specificationjava.vm.version: 1.5.0_16-b02java.vm.vendor: Sun Microsystems Inc.java.vm.name: Java HotSpot(TM) Server VMjava.specification.version: 1.5java.specification.vender: java.specification.name: Java Platform API Specificationjava.io.tmpdir: /usr/local/tomcat/temphibernate信息-- listing properties --java.vendor=Sun Microsystems Inc.sun.java.launcher=SUN_STANDARDcatalina.base=/usr/local/tomcathibernate.connection.url=jdbc:oracle:thin:@10.172.12.42:1521:a...sun.management.compiler=HotSpot Server Compilercatalina.useNaming=trueos.name=Linuxsun.boot.class.path=/usr/java/jdk1.5.0_16/jre/lib/rt.jar:...java.util.logging.config.file=/usr/local/tomcat/conf/logging.proper...java.vm.specification.vendor=Sun Microsystems Inc.java.runtime.version=1.5.0_16-b02user.name=tomcatshared.loader=${catalina.base}/shared/classes,${cat...tomcat.util.buf.StringCache.byte.enabled=trueconnection.driver_class=oracle.jdbc.driver.OracleDriveruser.language=enjava.naming.factory.initial=org.apache.naming.java.javaURLContext...sun.boot.library.path=/usr/java/jdk1.5.0_16/jre/lib/i386dialect=org.hibernate.dialect.Oracle9Dialectjava.version=1.5.0_16java.util.logging.manager=org.apache.juli.ClassLoaderLogManageruser.timezone=Asia/Shanghaisun.arch.data.model=32java.endorsed.dirs=/usr/local/tomcat/common/endorsedsun.cpu.isalist=sun.jnu.encoding=UTF-8file.encoding.pkg=sun.iopackage.access=sun.,org.apache.catalina.,org.apache....file.separator=/java.specification.name=Java Platform API Specificationjava.class.version=49.0user.country=USconnection.url=jdbc:oracle:thin:@10.172.12.42:1521:a...java.home=/usr/java/jdk1.5.0_16/jrejava.vm.info=mixed modeos.version=2.6.18-92.el5path.separator=:connection.password=audicms!#java.vm.version=1.5.0_16-b02hibernate.connection.password=audicms!#java.awt.printerjob=sun.print.PSPrinterJobsun.io.unicode.encoding=UnicodeLittlehibernate.connection.username=audicmspackage.definition=sun.,java.,org.apache.catalina.,org.a...java.naming.factory.url.pkgs=org.apache.naminguser.home=/home/tomcatjava.specification.vendor=Sun Microsystems Inc.java.library.path=/usr/java/jdk1.5.0_16/jre/lib/i386/se...java.vendor.url=http://java.sun.com/hibernate.connection.driver_class=oracle.jdbc.driver.OracleDriverconnection.username=audicmsjava.vm.vendor=Sun Microsystems Inc.hibernate.dialect=org.hibernate.dialect.Oracle9Dialectcommon.loader=${catalina.home}/common/classes,${cat...java.runtime.name=Java(TM) 2 Runtime Environment, Stand...java.class.path=:/usr/local/tomcat/bin/bootstrap.jar:...hibernate.bytecode.use_reflection_optimizer=falsejava.vm.specification.name=Java Virtual Machine Specificationjava.vm.specification.version=1.0catalina.home=/usr/local/tomcatsun.cpu.endian=littlesun.os.patch.level=unknownjava.io.tmpdir=/usr/local/tomcat/tempjava.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport...server.loader=${catalina.home}/server/classes,${cat...os.arch=i386java.awt.graphicsenv=sun.awt.X11GraphicsEnvironmentmyeclipse.connection.profile=audicn42java.ext.dirs=/usr/java/jdk1.5.0_16/jre/lib/extuser.dir=/home/tomcatline.separator=java.vm.name=Java HotSpot(TM) Server VMhibernate.myeclipse.connection.profile=audicn42file.encoding=UTF-8java.specification.version=1.5
升级
危害等级:低
漏洞Rank:5
确认时间:2013-06-14 01:25
暂无