Apache Tomcat 从文件包含到RCE漏洞原理深入分析 | 天融信阿尔法实验室
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a19715db-7f23-4a60-a423-e012a95d11f6 |
| Fingerprint | bc15d63a8d279610 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 1, 2023, midnight |
| Added to db | Jan. 18, 2023, 7:40 p.m. |
| Last updated | Nov. 18, 2024, 2:27 p.m. |
| Headline | Apache Tomcat 从文件包含到RCE漏洞原理深入分析 |
| Title | Apache Tomcat 从文件包含到RCE漏洞原理深入分析 | 天融信阿尔法实验室 |
| Detected Hints/Tags/Attributes | 9/0/23 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.topsec.com.cn/apache-tomcat- |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 19 | cve-2020-1938 |
|
| Details | Domain | 6 | archive.apache.org |
|
| Details | Domain | 2 | maven.apache.org |
|
| Details | Domain | 151 | www.w3.org |
|
| Details | File | 40 | web.xml |
|
| Details | File | 1 | 然后在源码中新增pom.xml |
|
| Details | File | 3 | 0.xsd |
|
| Details | File | 3 | maven.pl |
|
| Details | File | 7 | javax.xml |
|
| Details | File | 2 | jdt.core |
|
| Details | File | 1 | 且为testcookiefilter.java |
|
| Details | File | 1 | servlet.inc |
|
| Details | File | 103 | test.txt |
|
| Details | File | 1 | abc.jsp |
|
| Details | File | 1 | 因为.jsp |
|
| Details | File | 1 | jspservlet的url-pattern为.jsp |
|
| Details | File | 1 | 和.jsp |
|
| Details | File | 1 | 其实本质核心就是通过jspservlet来执行我们想要访问的.jsp |
|
| Details | IPv4 | 1442 | 127.0.0.1 |
|
| Details | Url | 1 | http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.50 |
|
| Details | Url | 2 | http://maven.apache.org/pom/4.0.0 |
|
| Details | Url | 50 | http://www.w3.org/2001/xmlschema-instance |
|
| Details | Url | 2 | http://maven.apache.org/xsd/maven-4.0.0.xsd |