Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1511415-1)
Описание
A vulnerable feature in the Tomcat Web Container prior to v4.0.6 and V4.1.3 allows invokation of special URLs that cause servlet execution.
This method does not obey the rules defined in the web.xml.
This method does not obey the rules defined in the web.xml.
Как исправить
1. upgrade Tomcat to the version that fixes the Invoker Servlet issue (i.e. V4.0.6, V4.1.3 or newer)
2. Inform existing customers that uses old versions of Tomcat to updtrade
2. Inform existing customers that uses old versions of Tomcat to updtrade
Ссылки