Allair JRUN 非法读取 WEB-INF 漏洞 _MySQL
JRun
涉及程序:
JRUN
描述:
Allair JRUN 非法读取 WEB-INF 漏洞
详细:
在Allaire 的 JRUN 服务器 2.3版本中存在一个严重的安全漏洞。它允许一个攻击者在 JRun 3.0 服务器中查看 WEB-INF 目录。
如果用户在提交 URL 请求时在,通过附加一个“/”使该 URL 成为畸形的 URL,这时 WEB-INF 下的所有子目录将会暴露出来。攻击者巧妙的利用该漏洞将能够远程获得目标主机系统中 WEB-INF 目录下的所有文件的读取权限。
例如使用下面这个 URL 将会暴露 WEB-INF 下的所有文件:
http://site.running.jrun:8100//WEB-INF/
受影响的系统:
Allaire JRun 3.0
解决方案:
下载并安装补丁:
Allaire patch jr233p_ASB00_28_29
http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip
Windows 95/98/NT/2000 and Windows NT Alpha
Allaire patch jr233p_ASB00_28_29tar
http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz
UNIX/Linux patch - GNU gzip/tar
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP function introduction—get_headers(): Get the response header information of the URL
Jul 25, 2023 am 09:05 AM
PHP function introduction—get_headers(): Overview of obtaining the response header information of the URL: In PHP development, we often need to obtain the response header information of the web page or remote resource. The PHP function get_headers() can easily obtain the response header information of the target URL and return it in the form of an array. This article will introduce the usage of get_headers() function and provide some related code examples. Usage of get_headers() function: get_header
Why NameResolutionError(self.host, self, e) from e and how to solve it
Mar 01, 2024 pm 01:20 PM
The reason for the error is NameResolutionError(self.host,self,e)frome, which is an exception type in the urllib3 library. The reason for this error is that DNS resolution failed, that is, the host name or IP address attempted to be resolved cannot be found. This may be caused by the entered URL address being incorrect or the DNS server being temporarily unavailable. How to solve this error There may be several ways to solve this error: Check whether the entered URL address is correct and make sure it is accessible Make sure the DNS server is available, you can try using the "ping" command on the command line to test whether the DNS server is available Try accessing the website using the IP address instead of the hostname if behind a proxy
How to read txt file correctly using pandas
Jan 19, 2024 am 08:39 AM
How to use pandas to read txt files correctly requires specific code examples. Pandas is a widely used Python data analysis library. It can be used to process a variety of data types, including CSV files, Excel files, SQL databases, etc. At the same time, it can also be used to read text files, such as txt files. However, when reading txt files, we sometimes encounter some problems, such as encoding problems, delimiter problems, etc. This article will introduce how to read txt correctly using pandas
What is the difference between html and url
Mar 06, 2024 pm 03:06 PM
Differences: 1. Different definitions, url is a uniform resource locator, and html is a hypertext markup language; 2. There can be many urls in an html, but only one html page can exist in a url; 3. html refers to is a web page, and url refers to the website address.
Practical tips for reading txt files using pandas
Jan 19, 2024 am 09:49 AM
Practical tips for reading txt files using pandas, specific code examples are required. In data analysis and data processing, txt files are a common data format. Using pandas to read txt files allows for fast and convenient data processing. This article will introduce several practical techniques to help you better use pandas to read txt files, along with specific code examples. Reading txt files with delimiters When using pandas to read txt files with delimiters, you can use read_c
Practical methods for reading web page data with Pandas
Jan 04, 2024 am 11:35 AM
The practical method of reading web page data in Pandas requires specific code examples. During data analysis and processing, we often need to obtain data from web pages. As a powerful data processing tool, Pandas provides convenient methods to read and process web page data. This article will introduce several commonly used practical methods for reading web page data in Pandas, and attach specific code examples. Method 1: Use the read_html() function. Pandas’ read_html() function can read directly from the web page.
Buffer overflow vulnerability in Java and its harm
Aug 09, 2023 pm 05:57 PM
Buffer overflow vulnerabilities in Java and their harm Buffer overflow means that when we write more data to a buffer than its capacity, it will cause data to overflow to other memory areas. This overflow behavior is often exploited by hackers, which can lead to serious consequences such as abnormal code execution and system crash. This article will introduce buffer overflow vulnerabilities and their harm in Java, and give code examples to help readers better understand. The buffer classes widely used in Java include ByteBuffer, CharBuffer, and ShortB
Example of reading and writing CSV files using OpenCSV in Java
Dec 20, 2023 pm 01:39 PM
Example of using OpenCSV to read and write CSV files in Java. CSV (Comma-SeparatedValues) refers to comma-separated values and is a common data storage format. In Java, OpenCSV is a commonly used tool library for reading and writing CSV files. This article will introduce how to use OpenCSV to implement examples of reading and writing CSV files. Introducing the OpenCSV library First, you need to introduce the OpenCSV library to
