深圳航空java容器字符集解析不当导致任意文件遍历 admin 109553文章 90评论 2017年5月1日21:14:10评论267 views字数 212阅读0分42秒阅读模式 摘要2016-05-09: 细节已通知厂商并且等待厂商处理中 2016-05-11: 厂商已经确认,细节仅向厂商公开 2016-05-21: 细节向核心白帽子及相关领域专家公开 2016-05-31: 细节向普通白帽子公开 2016-06-10: 细节向实习白帽子公开 2016-06-25: 细节向公众公开 漏洞概要 关注数(2) 关注此漏洞 缺陷编号: WooYun-2016-206766 漏洞标题: 深圳航空java容器字符集解析不当导致任意文件遍历 相关厂商: 深圳航空 漏洞作者: 路人甲 提交时间: 2016-05-09 19:47 公开时间: 2016-06-25 09:30 漏洞类型: 敏感信息泄露 危害等级: 高 自评Rank: 15 漏洞状态: 厂商已经确认 漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系 Tags标签: 错误信息未屏蔽 1人收藏 漏洞详情 披露状态: 2016-05-09: 细节已通知厂商并且等待厂商处理中 2016-05-11: 厂商已经确认,细节仅向厂商公开 2016-05-21: 细节向核心白帽子及相关领域专家公开 2016-05-31: 细节向普通白帽子公开 2016-06-10: 细节向实习白帽子公开 2016-06-25: 细节向公众公开 简要描述: 深圳航空java容器字符集解析不当导致任意文件遍历 详细说明: #1 存在漏洞服务器 http://miaosha.shenzhenair.com #2 漏洞地址 code 区域 http://miaosha.shenzhenair.com/%c0%ae/WEB-INF/web.xml code 区域 <bean id="uiueGroupBuyingDao" class="com.iss.szair.b2c.uiue.groupBuying.dao.impl.GroupBuyingDaoImpl"/> <bean id="groupBuyingBiz" class="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.UiueGroupBuyingBiz"> <property name="groupBuyingDao"> <ref local="uiueGroupBuyingDao"/> </property> </bean> <!-- ADD BY YUJIA NEB-625 20141117 END --> <!-- add by li-ji 20141112 NEB-625 机票团购-展示 start --> <bean id="IShowPromotionDao" class="com.iss.szair.b2c.groupBuying.dao.impl.ShowPromotionDaoImpl"/> <bean id="IShowPromotionBiz" class="com.iss.szair.b2c.groupBuying.bizlogic.impl.ShowPromotionBiz"> <property name="showPromotionDao"> <ref local="IShowPromotionDao"/> </property> </bean> <bean id="IShowPromotionUiueDao" class="com.iss.szair.b2c.uiue.groupBuying.dao.impl.ShowPromotionUiueDaoImpl"/> <bean id="IShowPromotionUiueBiz" class="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.ShowPromotionUiueBiz"> <property name="showPromotionUiueDao"> <ref local="IShowPromotionUiueDao"/> </property> </bean> <!-- add by li-ji 20141028 NEB-625 机票团购-展示end --> <bean id="IAuctionPubBiz" class="com.iss.szair.b2c.auction.bizlogic.AuctionPubBiz"> <property name="auctionPubDao"> <ref local="IAuctionPubDao"/> </property> </bean> <bean id="IAuctionPubDao" class="com.iss.szair.b2c.auction.dao.oracle.AuctionPubDaoImpl"></bean> <bean id="IAuctionRecordBiz" class="com.iss.szair.b2c.auction.bizlogic.AuctionRecordBiz"> <property name="auctionRecordDao"> <ref local="IAuctionRecordDao"/> </property> </bean> <bean id="IAuctionRecordDao" class="com.iss.szair.b2c.auction.dao.oracle.AuctionRecordDaoImpl"></bean> <!-- ==========================add by hlkang for auction========================== --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <!-- <ref local="mybean"/> --> <ref local="daoAuthenticationProvider"/> <ref local="anonymousAuthenticationProvider"/> </list> </property> </bean> <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <property name="key"> <value>foobar</value> </property> <property name="userAttribute"> <value>anonymousUser,AUTH_ANONYMOUS</value> </property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="jdbcDaoImpl"/> <property name="userCache"> <ref local="userCache"/> </property> <!-- if you do not want encode password --> <property name="passwordEncoder" ref="passwordEncoder"/> </bean> <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/> <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> <bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource"> <ref bean="dataSource"/> </property> <property name="usersByUsernameQuery"> <value> SELECT user_sAccount, User_sPassword,1 FROM Sys_user WHERE User_sAccount=? </value> <!-- <value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value> --> </property> <property name="authoritiesByUsernameQuery"> <value> select u.User_sAccount,auth.Auth_sName from Sys_AuthRole authrel,Sys_Auth auth,Sys_User u,Sys_OrgRelation rel1,Sys_PostRole rel2 WHERE u.User_sAccount = ? and u.User_sID=rel1.OrRe_sNode and rel1.OrRe_sParentNode=rel2.PoRo_sOrgNodeID and rel2.PoRo_sRoleID= authrel.AURO_SROLEID and auth.Auth_sID = authrel.AURO_SAUTHID </value> </property> </bean> 漏洞证明: code 区域 This XML file does not appear to have any style information associated with it. The document tree is shown below. <web-app id="WebApp_1154401509359"> <context-param id="ContextParam_1233884491862"> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/classes/com/iss/config/FrontSpringConfig.xml </param-value> </context-param> <filter id="Filter_1233884491863"> <filter-name>Character Encoding</filter-name> <filter-class>com.iss.common.CharacterEncodingFilter</filter-class> <init-param id="InitParam_1233884491863"> <param-name>encoding</param-name> <param-value>GBK</param-value> </init-param> <init-param id="InitParam_1233884491864"> <param-name>ignore</param-name> <param-value>true</param-value> </init-param> </filter> <filter id="Filter_1233884491864"> <filter-name>B2g Login Manage</filter-name> <filter-class>com.iss.b2g.common.LoginFilter</filter-class> <init-param id="InitParam_1233884491865"> <param-name>encoding</param-name> <param-value>GBK</param-value> </init-param> <init-param id="InitParam_1233884491866"> <param-name>ignore</param-name> <param-value>true</param-value> </init-param> </filter> <filter id="Filter_1233884491865"> <filter-name>B2a Login Manage</filter-name> <filter-class>com.iss.b2g.common.LoginFilter</filter-class> <init-param id="InitParam_1233884491867"> <param-name>encoding</param-name> <param-value>GBK</param-value> </init-param> <init-param id="InitParam_1233884491868"> <param-name>ignore</param-name> <param-value>true</param-value> </init-param> </filter> <filter id="Filter_1379346676944"> <filter-name>ProductExtendFilter</filter-name> <filter-class>com.iss.common.ProductExtendFilter</filter-class> </filter> <!-- add by jinqr 20140326 NEB-BUG316 安全漏洞 start --> <filter id="Filter_1233884491871"> <filter-name>IllegalCharacterFilter</filter-name> <filter-class>com.iss.common.IllegalCharacterFilter</filter-class> <init-param id="InitParam_1233884491871"> <param-name>characterParams</param-name> <param-value>',",<,></param-value> </init-param> </filter> <!-- add by jinqr 20140326 NEB-BUG316 安全漏洞 end --> <filter id="Filter_1379346676945"> <filter-name>AllUrlFilter</filter-name> <filter-class>com.iss.common.filter.AllUrlFilter</filter-class> <init-param id="InitParam_1379346676944"> <param-name>includeStrings</param-name> <param-value> select ;select%20;script;update ;update%20;delete ;delete%20;iframe;%20and%20 </param-value> </init-param> <init-param id="InitParam_1379346676945"> <param-name>redirectPath</param-name> <param-value>/</param-value> </init-param> <init-param id="InitParam_1379346676946"> <param-name>disabletestfilter</param-name> <param-value>N</param-value> </init-param> </filter> <filter-mapping> <filter-name>IllegalCharacterFilter</filter-name> <url-pattern>/regist/userMgr.do</url-pattern> </filter-mapping> <filter-mapping id="FilterMapping_1379346676944"> <filter-name>AllUrlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping id="FilterMapping_1379346676945"> <filter-name>ProductExtendFilter</filter-name> <servlet-name>action</servlet-name> </filter-mapping> <filter-mapping id="FilterMapping_1379346676946"> <filter-name>ProductExtendFilter</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <filter-mapping id="FilterMapping_1233884491862"> <filter-name>B2g Login Manage</filter-name> <url-pattern>/b2g/*</url-pattern> </filter-mapping> <filter-mapping id="FilterMapping_1233884491863"> <filter-name>B2a Login Manage</filter-name> <url-pattern>/b2a/*</url-pattern> </filter-mapping> <filter-mapping id="FilterMapping_1233884491864"> <filter-name>Character Encoding</filter-name> <servlet-name>action</servlet-name> </filter-mapping> <filter-mapping id="FilterMapping_1233884491878"> <filter-name>Character Encoding</filter-name> <url-pattern>*.jsp</url-pattern> </filter-mapping> <listener id="Listener_1233884491878"> <listener-class> org.springframework.web.util.IntrospectorCleanupListener </listener-class> </listener> <listener id="Listener_1233884491879"> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <listener id="Listener_1233884491880"> <listener-class> org.acegisecurity.ui.session.HttpSessionEventPublisher </listener-class> </listener> <listener id="Listener_1233884491881"> <listener-class>com.iss.szair.b2g.account.action.ClientAccountCtrl</listener-class> </listener> <servlet id="Servlet_1233884439721"> <servlet-name>action</servlet-name> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> <init-param id="InitParam_1233884491878"> <param-name>config</param-name> <param-value> /WEB-INF/struts-config.xml,/WEB-INF/config/struts-config-system.xml ,/WEB-INF/config/example/struts-config-example.xml ,/WEB-INF/config/b2g/account/struts-config-account.xml ,/WEB-INF/config/b2g/advice/struts-config-advice.xml ,/WEB-INF/config/b2g/deposit/struts-config-deposit.xml ,/WEB-INF/config/b2g/query/struts-config-query.xml ,/WEB-INF/config/b2g/teamorder/struts-config-teamorder.xml ,/WEB-INF/config/hr/struts-config-hr.xml ,/WEB-INF/config/wap/struts-config-wap.xml ,/WEB-INF/config/b2a/outuser/struts-config-outuser.xml ,/WEB-INF/config/b2a/bSPReimburse/struts-config-bSPReimburseQ.xml ,/WEB-INF/config/b2a/bulletin/struts-config-bulletin.xml ,/WEB-INF/config/b2a/advice/struts-config-adviceB2a.xml ,/WEB-INF/config/b2a/agentorder/struts-config-agentorder.xml ,/WEB-INF/config/b2a/ticketStstusAlert/struts-config-ticketStstusAlert.xml ,/WEB-INF/config/b2a/Loan/struts-config-loan.xml ,/WEB-INF/config/b2a/pnr/struts-config-pnr.xml ,/WEB-INF/config/b2a/AgentReport/struts-config-agentReport.xml ,/WEB-INF/config/b2a/returnbill/struts-config-returnbill.xml ,/WEB-INF/config/b2a/manageTicket/struts-config-manageTicket.xml ,/WEB-INF/config/universiadeguess/struts-config-guess.xml ,/WEB-INF/config/secondbuy/struts-config-secondbuy.xml ,/WEB-INF/config/universiade/struts-config-universiadePhoto.xml ,/WEB-INF/config/awardsList/struts-config-awardsList.xml <!-- ,/WEB-INF/config/ticketBookingFlow/struts-config-ticketBookingFlow.xml --> ,/WEB-INF/config/coupon/struts-config-coupon.xml ,/WEB-INF/config/ddds/struts-config-ddds.xml ,/WEB-INF/config/voucher/struts-config-voucher.xml ,/WEB-INF/config/payinterface/struts-config-payinterface.xml ,/WEB-INF/config/activity/struts-config-activity.xml ,/WEB-INF/config/questionnaire/struts-config-questionnaire.xml ,/WEB-INF/config/checkIn/struts-config-checkIn.xml ,/WEB-INF/config/uiue/struts-config-uiue.xml ,/WEB-INF/config/internationalBooking/struts-config-internationalBooking.xml ,/WEB-INF/config/internationalBooking/struts-config-test-internationalBooking.xml ,/WEB-INF/config/checksession/struts-config-checksession.xml ,/WEB-INF/config/userManager/struts-config-um.xml ,/WEB-INF/config/groupBuying/struts-config-groupBuying.xml </param-value> </init-param> <init-param id="InitParam_1233884491879"> <param-name>debug</param-name> <param-value>2</param-value> </init-param> <init-param id="InitParam_1233884491880"> <param-name>detail</param-name> <param-value>2</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet id="Servlet_1233884439722"> <servlet-name>InitLog</servlet-name> <servlet-class>com.iss.system.log.InitLog4j</servlet-class> <init-param id="InitParam_1233884491881"> <param-name>log4j-config</param-name> <param-value>/WEB-INF/log4j.properties</param-value> </init-param> <init-param id="InitParam_1233884491882"> <param-name>config-relative</param-name> <param-value>true</param-value> </init-param> <init-param id="InitParam_1233884491883"> <param-name>property-relative</param-name> <param-value>true</param-value> </init-param> <load-on-startup>4</load-on-startup> </servlet> <servlet id="Servlet_1233884439723"> <servlet-name>ContextServlet</servlet-name> <servlet-class>com.iss.config.ContextServlet</servlet-class> <init-param id="InitParam_1233884491884"> <param-name>DataSource</param-name> <param-value>jdbc/shem</param-value> </init-param> <init-param id="InitParam_1233884491885"> <param-name>FareDataSource</param-name> <param-value>jdbc/fare</param-value> </init-param> <init-param id="InitParam_1233894491885"> <param-name>CacheDataSource</param-name> <param-value>jdbc/cache</param-value> </init-param> <init-param id="InitParam_1233884491886"> <param-name>GlobalMessageResource</param-name> <param-value>resources.GlobalMessageResources</param-value> </init-param> <init-param id="InitParam_1233884491887"> <param-name>ROOT_PATH</param-name> <param-value/> </init-param> <init-param id="InitParam_1233884491888"> <param-name>appServer</param-name> <param-value>websphere</param-value> </init-param> <!-- START 2013/12/21 ADD BY LI JIAN 国际票打票机追加 --> <init-param id="InitParam_6455257"> <param-name>IBE_INTER_PRINTER_NO</param-name> <param-value>3</param-value> </init-param> <!-- END 2013/12/21 ADD BY LI JIAN 国际票打票机追加 --> <init-param id="InitParam_645525701"> <param-name>IBE_INTER_PRINTER_NO_1</param-name> <param-value>2</param-value> </init-param> <init-param id="InitParam_645525702"> <param-name>IBE_INTER_PRINTER_NO_2</param-name> <param-value>9</param-value> </init-param> <init-param id="InitParam_645525703"> <param-name>IBE_INTER_PRINTER_NO_3</param-name> <param-value>10</param-value> </init-param> <init-param id="InitParam_645525704"> <param-name>IBE_INTER_PRINTER_NO_4</param-name> <param-value>13</param-value> </init-param> <!-- START 2014/4/10 ADD BY ZHANGJ 支付平台打票机追加 --> <init-param id="InitParam_6455258"> <param-name>IBE_PAYMENTPLAT_PRINTER_NO_1</param-name> <param-value>12</param-value> </init-param> <init-param id="InitParam_6455259"> <param-name>IBE_PAYMENTPLAT_PRINTER_NO_2</param-name> <param-value>12</param-value> </init-param> <!-- END 2014/4/10 ADD BY ZHANGJ 支付平台打票机追加 --> <init-param id="InitParam_1233884491889"> <param-name>IBE_B2C_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <init-param id="InitParam_1233884491890"> <param-name>IBE_B2G_PRINTER_NO</param-name> <param-value>3</param-value> </init-param> <init-param id="InitParam_1233884491891"> <param-name>IBE_B2A_PRINTER_NO</param-name> <param-value>9</param-value> </init-param> <init-param id="InitParam_1233884491892"> <param-name>IBE_SYS_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <init-param id="InitParam_1233884491893"> <param-name>IBE_B2C_REFOUND_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <init-param id="InitParam_1233884491905"> <param-name>IBE_B2C_REFOUND_WF1_PRINTER_NO</param-name> <param-value>4</param-value> </init-param> <init-param id="InitParam_1233884491906"> <param-name>IBE_B2C_REFOUND_WF2_PRINTER_NO</param-name> <param-value>5</param-value> </init-param> <init-param id="InitParam_1233884491894"> <param-name>IBE_B2A_REFOUND_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <init-param id="InitParam_1233884491895"> <param-name>IBE_B2G_REFOUND_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <init-param id="InitParam_1233884491896"> <param-name>IBE_SYS_REFOUND_PRINTER_NO</param-name> <param-value>1</param-value> </init-param> <!-- add by bidi 2014-10-22 打票机轮巡出票功能,需要在发布前确认各平台打票机 将所有打票机按平台区分后,以英文;进行分隔,填入各param-value中。 --> <init-param id="InitParam_1233837519069"> <param-name>IBE_B2C_PRINTER_NOS</param-name> <param-value>1;6</param-value> </init-param> <init-param id="InitParam_1233837519070"> <param-name>IBE_PASY_PRINTER_NOS</param-name> <param-value>7;11;12;14;15;16;17;18;19;20;21;22;23</param-value> </init-param> <init-param id="InitParam_1233837519071"> <param-name>IBE_INTER_PRINTER_NOS</param-name> <param-value>2</param-value> </init-param> <!-- end by bidi --> <init-param id="InitParam_1233884491897"> <param-name>IBE_CONFIG</param-name> <param-value>PRODUCTION</param-value> </init-param> <init-param id="InitParam_1233884491898"> <param-name>DOWNLOAD_DIR</param-name> <param-value> D:/IBM/WebSphere/AppServer/installedApps/WWW-SVR/szair.ear/szair.war/download/ </param-value> </init-param> <init-param id="InitParam_1233884491899"> <param-name>HTTP_DIR</param-name> <param-value>/download/</param-value> </init-param> <init-param id="InitParam_1233884491903"> <param-name>EPSILON_URL</param-name> <param-value> http://custom-apac.epsiloninteractive.com/shenzhenair/raf/RAF_friend.php </param-value> </init-param> <init-param id="InitParam_1233884491904"> <param-name>EPSILON_PASSWORD</param-name> <param-value>p=toYq4DJ8</param-value> </init-param> <init-param id="InitParam_1233884491907"> <param-name>MAX_SENDCODETIMES</param-name> <param-value>3</param-value> </init-param> <!-- ADD by yu.yu 20140325 NEB-283 B2C和电粉实现单点登录 START --> <init-param id="InitParam_1233884491908"> <param-name>DIANFEN_URL</param-name> <param-value>http://ecfan.shenzhenair.com</param-value> </init-param> <!-- ADD by yu.yu 20140325 NEB-283 B2C和电粉实现单点登录 END --> <!-- add by li-ji 20141022 NEB-626 易来易往 start --> <!-- 1易来易往产品启用;0易来易往产品停用 --> <init-param id="InitParam_1233884491999"> <param-name>EASY_COME_EASY_GO_FLAG</param-name> <param-value>1</param-value> </init-param> <!-- add by li-ji 20141022 NEB-626 易来易往 end --> <!-- 易来易往舱位配置 --> <init-param id="InitParam_1233884491988"> <param-name>YLYW_TCLASS_WF</param-name> <param-value>S</param-value> </init-param> <!-- add by jinqr 20141208 NEB-659 联动P舱产品 start --> <init-param id="InitParam_1234884491999"> <param-name>LINKAGE_P_START</param-name> <param-value>2015-03-09</param-value> </init-param> <init-param id="InitParam_1234884491968"> <param-name>LINKAGE_P_END</param-name> <param-value>2015-12-31</param-value> </init-param> <init-param id="InitParam_1233884491978"> <param-name>LINKAGE_P_DISCOUNT_RANGE</param-name> <param-value>30</param-value> </init-param> <!-- add by jinqr 20141208 NEB-659 联动P舱产品 end --> <init-param id="InitParam_1233884491991"> <param-name>SPECIAL_LINKAGE_P_START</param-name> <param-value>2015-07-08</param-value> </init-param> <init-param id="InitParam_1233884491992"> <param-name>SPECIAL_LINKAGE_P_END</param-name> <param-value>2015-08-24</param-value> </init-param> <init-param id="InitParam_1233884491993"> <param-name>SPECIAL_LINKAGE_P_DISCOUNT_RANGE</param-name> <param-value>50</param-value> </init-param> <init-param id="InitParam_12338123491994"> <param-name>ADVANCE_BOOKING_DAYS</param-name> <param-value>3</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet id="Servlet_1233884439724"> <servlet-name>BankPayServlet</servlet-name> <servlet-class>com.iss.szair.bank.BankPayServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439725"> <servlet-name>WapBankPayServlet</servlet-name> <servlet-class>com.iss.szair.bank.WapBankPayServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439752"> <servlet-name>EPosPayServlet</servlet-name> <servlet-class>com.iss.szair.bank.yeepay.epos.EPosPayServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439726"> <servlet-name>ABCB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.abc.ABCB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439727"> <servlet-name>AliPayB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.alipay.AliPayB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1243957839381"> <servlet-name>AliPayB2CServlet1</servlet-name> <servlet-class>com.iss.szair.bank.alipay.AliPayB2CServlet1</servlet-class> </servlet> <servlet id="Servlet_1243957839382"> <servlet-name>GZUNIONB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.gzunion.GZUNIONB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1282032627900"> <servlet-name>QuickMoneyB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1282032627999"> <servlet-name>QuickMoneyCCServlet</servlet-name> <servlet-class> com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet </servlet-class> </servlet> <!-- add by xingjg NEB-80-社会化值机 start --> <servlet id="Servlet_1282032627980"> <servlet-name>PlatformLoginServlet</servlet-name> <servlet-class>com.iss.szair.b2c.checkin.platform.LoginServlet</servlet-class> </servlet> <!-- add by xingjg NEB-80-社会化值机 end --> <servlet id="Servlet_1337167838755"> <servlet-name>WyzxB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.wyzxen.WyzxB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1282032627901"> <servlet-name>BOCOMB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.bocom.BOCOMB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439728"> <servlet-name>BCB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.bc.BCB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439729"> <servlet-name>CCBB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.ccb.CCBB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439730"> <servlet-name>CCBWapB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.ccb.CCBWapB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439731"> <servlet-name>CMBB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.cmb.CMBB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439732"> <servlet-name>CHINAPNRB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439733"> <servlet-name>CHINAPNRB2CServlet1</servlet-name> <servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1</servlet-class> </servlet> <servlet id="Servlet_1233884439734"> <servlet-name>CHINAPNRMASB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439735"> <servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name> <servlet-class> com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet </servlet-class> </servlet> <servlet id="Servlet_1233884439736"> <servlet-name>ICBCB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.icbc.ICBCB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439737"> <servlet-name>SDBB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.sdb.SDBB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439738"> <servlet-name>SZSHPDB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.spdb.SZSHPDB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439739"> <servlet-name>SZUnionServlet</servlet-name> <servlet-class>com.iss.szair.bank.szunion.SZUNIONB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439740"> <servlet-name>YeePay2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.yeepay.YeePay2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439741"> <servlet-name>TenPayB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.tenpay.TenPayB2CServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439742"> <servlet-name>SelectCityServlet</servlet-name> <servlet-class>com.iss.szair.common.servlet.SelectCityServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439743"> <servlet-name>CrmScoreServlet</servlet-name> <servlet-class> com.oaking.shem.webservice.kingclub.CrmScoreServlet </servlet-class> </servlet> <servlet id="Servlet_1233884439744"> <servlet-name>ChineseWordServlet</servlet-name> <servlet-class>com.iss.szair.common.servlet.ChineseWordServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439745"> <servlet-name>AxisServlet</servlet-name> <display-name>Apache-Axis Servlet</display-name> <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439746"> <servlet-name>AdminServlet</servlet-name> <display-name>Axis Admin Servlet</display-name> <servlet-class>org.apache.axis.transport.http.AdminServlet</servlet-class> <load-on-startup>100</load-on-startup> </servlet> <servlet id="Servlet_1233884439747"> <servlet-name>SOAPMonitorService</servlet-name> <display-name>SOAPMonitorService</display-name> <servlet-class>org.apache.axis.monitor.SOAPMonitorService</servlet-class> <init-param id="InitParam_1233884491900"> <param-name>SOAPMonitorPort</param-name> <param-value>5001</param-value> </init-param> <load-on-startup>100</load-on-startup> </servlet> <servlet id="Servlet_1233884439748"> <servlet-name>Barbecue</servlet-name> <servlet-class>net.sourceforge.barbecue.BarcodeServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet id="Servlet_1233884439749"> <servlet-name>AjaxServlet</servlet-name> <servlet-class>com.shenzhenair.shem.gift.checkCardServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439750"> <servlet-name>dwr-invoker</servlet-name> <display-name>DWR Servlet</display-name> <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class> <init-param id="InitParam_1233884491901"> <param-name>debug</param-name> <param-value>false</param-value> </init-param> <init-param id="InitParam_1233884491902"> <param-name>crossDomainSessionSecurity</param-name> <param-value>false</param-value> </init-param> <load-on-startup>10</load-on-startup> </servlet> <servlet id="Servlet_1233884439751"> <servlet-name>SearchEngineServlet</servlet-name> <display-name>Search Engine Servlet</display-name> <servlet-class>com.szair.common.SearchEngineServlet</servlet-class> </servlet> <servlet id="Servlet_1233884439753"> <servlet-name>BarcodeServlet</servlet-name> <servlet-class>org.krysalis.barcode4j.servlet.BarcodeServlet</servlet-class> </servlet> <servlet id="Servlet_9082011072202"> <servlet-name>FindPasswordServlet</servlet-name> <servlet-class> com.iss.szair.b2c.regist.servlet.FindPasswordServlet </servlet-class> </servlet> <servlet id="Servlet_9282011072202"> <servlet-name>ValidateUserServlet</servlet-name> <servlet-class> com.iss.szair.b2c.regist.servlet.ValidateUserServlet </servlet-class> </servlet> <servlet id="Servlet_1233884439754"> <servlet-name>BarcodeErrorServlet</servlet-name> <servlet-class>org.krysalis.barcode4j.webapp.BarcodeErrorServlet</servlet-class> </servlet> <servlet id="Servlet_1282032627902"> <servlet-name>TejiaMailBookServlet</servlet-name> <servlet-class>com.szair.common.TejiaMailBookServlet</servlet-class> </servlet> <servlet id="Servlet_image"> <servlet-name>CheckImageServlet</servlet-name> <servlet-class>com.iss.szair.common.servlet.CheckImageServlet</servlet-class> </servlet> <!-- 邮政储蓄支付处理Servlet add by SunC --> <servlet id="Servlet_1282032627904"> <servlet-name>PSBCB2CServlet</servlet-name> <servlet-class>com.iss.szair.bank.psbc.PSBCB2CServlet</servlet-class> </servlet> <!-- ADD By li-jun-neu 20140126 NEB-93 B2C 使用支付平台接口 Start --> <servlet id="Servlet_6455259"> <servlet-name>PaymentServlet</servlet-name> <servlet-class> com.iss.scm.returnbill.payment.servlet.PaymentPlantServlet </servlet-class> </servlet> <!-- ADD By li-jun-neu 20140126 NEB-93B2C 使用支付平台接口 End --> <!-- pujian payinterface --> <servlet id="Servlet_6455257"> <servlet-name>PaymentGuoNeiPlantServlet</servlet-name> <servlet-class> com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantServlet </servlet-class> </servlet> <servlet id="Servlet_6455258"> <servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name> <servlet-class> com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantNotifyServlet </servlet-class> </servlet> <servlet id="Servlet_64552590"> <servlet-name>NewAPINotifyServlet</servlet-name> <servlet-class> com.iss.szair.b2c.payinterface.payment.servlet.NewAPINotifyServlet </servlet-class> </servlet> <servlet id="Servlet_6455255"> <servlet-name>PaymentPlantServlet</servlet-name> <servlet-class> com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantServlet </servlet-class> </servlet> <servlet id="Servlet_6455256"> <servlet-name>PaymentPlantNotifyServlet</servlet-name> <servlet-class> com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantNotifyServlet </servlet-class> </servlet> <!-- ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 Start --> <servlet id="Servlet_1282032627905"> <servlet-name>RandomImgServlet</servlet-name> <servlet-class>com.iss.szair.common.servlet.RandomImgServlet</servlet-class> </servlet> <!-- ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 END --> <servlet id="Servlet_1282032627998"> <servlet-name>CheckImageServlet3D</servlet-name> <servlet-class>com.iss.szair.common.servlet.CheckImageServlet3D</servlet-class> </servlet> <servlet id="Servlet_1282032627907"> <servlet-name>CheckImageServlet3DNew</servlet-name> <servlet-class> com.iss.szair.common.servlet.CheckImageServlet3DNew </servlet-class> </servlet> <servlet id="Servlet_1282032627909"> <servlet-name>InterCheckImageServlet3D</servlet-name> <servlet-class> com.iss.szair.b2c.internationalBooking.common.InterCheckImageServlet3D </servlet-class> </servlet> <servlet id="Servlet_1282032627911"> <servlet-name>SavePriceServlet</servlet-name> <servlet-class>com.iss.szair.common.servlet.SavePriceServlet</servlet-class> </servlet> <!-- add by yudx 20141204 neb-536 官网UIUIE快捷支付 start --> <servlet id="Servlet_64552591"> <servlet-name>PaymentUiueNotifyServlet</servlet-name> <servlet-class> com.iss.szair.b2c.uiue.servlet.PaymentUiueNotifyServlet </servlet-class> </servlet> <servlet id="Servlet_64552601"> <servlet-name>PaymentUiueReturnServlet</servlet-name> <servlet-class> com.iss.szair.b2c.uiue.servlet.PaymentUiueReturnServlet </servlet-class> </servlet> <!-- add by yudx 20141204 neb-536 官网UIUIE快捷支付 end --> <servlet-mapping id="ServletMapping_savePriceServlet"> <servlet-name>SavePriceServlet</servlet-name> <url-pattern>/servlet/SavePrice</url-pattern> </servlet-mapping> <!-- add by yudx 20141204 neb-536 官网UIUIE快捷支付 start --> <servlet-mapping id="ServletMapping_64552591"> <servlet-name>PaymentUiueNotifyServlet</servlet-name> <url-pattern>/servlet/PaymentUiueNotifyServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_64552601"> <servlet-name>PaymentUiueReturnServlet</servlet-name> <url-pattern>/servlet/PaymentUiueReturnServlet</url-pattern> </servlet-mapping> <!-- add by yudx 20141204 neb-536 官网UIUIE快捷支付 end --> <servlet-mapping id="ServletMapping_interImage3D"> <servlet-name>InterCheckImageServlet3D</servlet-name> <url-pattern>/servlet/InterCheckImageServlet3D</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_image3D"> <servlet-name>CheckImageServlet3D</servlet-name> <url-pattern>/servlet/CheckImageServlet3D</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_image3DNew"> <servlet-name>CheckImageServlet3DNew</servlet-name> <url-pattern>/servlet/CheckImageServlet3DNew</url-pattern> </servlet-mapping> <!-- ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 Start --> <servlet-mapping id="ServletMapping_1233884491919"> <servlet-name>RandomImgServlet</servlet-name> <url-pattern>/servlet/RandomImgServlet</url-pattern> </servlet-mapping> <!-- ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 End --> <servlet-mapping id="ServletMapping_6455255"> <servlet-name>PaymentPlantServlet</servlet-name> <url-pattern>/servlet/PaymentPlantServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_6455256"> <servlet-name>PaymentPlantNotifyServlet</servlet-name> <url-pattern>/servlet/PaymentPlantNotifyServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_64552590"> <servlet-name>NewAPINotifyServlet</servlet-name> <url-pattern>/servlet/NewAPINotifyServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_6455257"> <servlet-name>PaymentGuoNeiPlantServlet</servlet-name> <url-pattern>/servlet/PaymentGuoNeiPlantServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_6455258"> <servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name> <url-pattern>/servlet/PaymentGuoNeiPlantNotifyServlet</url-pattern> </servlet-mapping> <!-- pujian payinterface --> <!-- ADD By li-jun-neu 20140126 NEB-93 B2C 使用支付平台接口 Start --> <servlet-mapping id="ServletMapping_6455259"> <servlet-name>PaymentServlet</servlet-name> <url-pattern>/servlet/PaymentServlet</url-pattern> </servlet-mapping> <!-- ADD By li-jun-neu 20140126 NEB-93B2C 使用支付平台接口 End --> <servlet-mapping id="ServletMapping_image"> <servlet-name>CheckImageServlet</servlet-name> <url-pattern>/servlet/CheckImageServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1282032712510"> <servlet-name>TejiaMailBookServlet</servlet-name> <url-pattern>/servlet/TejiaMailBookServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491878"> <servlet-name>BarcodeServlet</servlet-name> <url-pattern>/gensvg</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_9082011072202"> <servlet-name>FindPasswordServlet</servlet-name> <url-pattern>/servlet/findServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_9282011072202"> <servlet-name>ValidateUserServlet</servlet-name> <url-pattern>/servlet/userServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491879"> <servlet-name>BarcodeServlet</servlet-name> <url-pattern>/genbc</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1243957877209"> <servlet-name>GZUNIONB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.gzunion.GZUNIONB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1282032712511"> <servlet-name>QuickMoneyB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1282032712599"> <servlet-name>QuickMoneyCCServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet </url-pattern> </servlet-mapping> <!-- add by xingjg NEB-80-社会化值机 start --> <servlet-mapping id="ServletMapping_1282032712580"> <servlet-name>PlatformLoginServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.b2c.checkin.platform.LoginServlet </url-pattern> </servlet-mapping> <!-- add by xingjg NEB-80-社会化值机 end --> <servlet-mapping id="ServletMapping_1337167924177"> <servlet-name>WyzxB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.wyzxen.WyzxB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1282032712512"> <servlet-name>BOCOMB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.bocom.BOCOMB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491880"> <servlet-name>BarcodeErrorServlet</servlet-name> <url-pattern>/errsvg</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491882"> <servlet-name>BankPayServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.BankPayServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491883"> <servlet-name>WapBankPayServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.WapBankPayServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491884"> <servlet-name>ABCB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.abc.ABCB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491913"> <servlet-name>EPosPayServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.yeepay.epos.EPosPayServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491885"> <servlet-name>AliPayB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.alipay.AliPayB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1243957877210"> <servlet-name>AliPayB2CServlet1</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.alipay.AliPayB2CServlet1 </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491886"> <servlet-name>CCBB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.ccb.CCBB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491887"> <servlet-name>CCBWapB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.ccb.CCBWapB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491888"> <servlet-name>BCB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.bc.BCB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491889"> <servlet-name>CMBB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.cmb.CMBB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491890"> <servlet-name>CHINAPNRB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491891"> <servlet-name>CHINAPNRB2CServlet1</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1 </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491892"> <servlet-name>CHINAPNRMASB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491893"> <servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491894"> <servlet-name>ICBCB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.icbc.ICBCB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491895"> <servlet-name>SDBB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.sdb.SDBB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491896"> <servlet-name>SZSHPDB2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.spdb.SZSHPDB2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491897"> <servlet-name>SZUnionServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.szunion.SZUNIONB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491898"> <servlet-name>YeePay2CServlet</servlet-name> <url-pattern>/servlet/com.iss.szair.bank.yeepay.YeePay2CServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491899"> <servlet-name>TenPayB2CServlet</servlet-name> <url-pattern> /servlet/com.iss.szair.bank.tenpay.TenPayB2CServlet </url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491900"> <servlet-name>AjaxServlet</servlet-name> <url-pattern>/com.shenzhenair.shem.gift.checkCardServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491901"> <servlet-name>action</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491902"> <servlet-name>SelectCityServlet</servlet-name> <url-pattern>/servlet/SelectCityServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491903"> <servlet-name>CrmScoreServlet</servlet-name> <url-pattern>/servlet/CrmScoreServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491904"> <servlet-name>ChineseWordServlet</servlet-name> <url-pattern>/servlet/ChineseWordServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491905"> <servlet-name>AxisServlet</servlet-name> <url-pattern>/servlet/AxisServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491906"> <servlet-name>AxisServlet</servlet-name> <url-pattern>*.jws</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491907"> <servlet-name>AxisServlet</servlet-name> <url-pattern>/services/*</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491908"> <servlet-name>SOAPMonitorService</servlet-name> <url-pattern>/SOAPMonitor</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491909"> <servlet-name>Barbecue</servlet-name> <url-pattern>/barbecue/barcode</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491910"> <servlet-name>dwr-invoker</servlet-name> <url-pattern>/dwr/*</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491911"> <servlet-name>SearchEngineServlet</servlet-name> <url-pattern>/servlet/SearchEngineServlet</url-pattern> </servlet-mapping> <servlet-mapping id="ServletMapping_1233884491912"> <servlet-name>PSBCB2CServlet</servlet-name> <url-pattern>/servlet/PSBCB2CServlet</url-pattern> </servlet-mapping> <session-config id="SessionConfig_1233884491878"> <session-timeout>45</session-timeout> </session-config> <mime-mapping id="MimeMapping_1154677298328"> <extension>abs</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1233884491878"> <extension>xsl</extension> <mime-type>text/xml</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298329"> <extension>ai</extension> <mime-type>application/postscript</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298330"> <extension>aif</extension> <mime-type>audio/x-aiff</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298331"> <extension>aifc</extension> <mime-type>audio/x-aiff</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298332"> <extension>aiff</extension> <mime-type>audio/x-aiff</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298333"> <extension>aim</extension> <mime-type>application/x-aim</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298334"> <extension>art</extension> <mime-type>image/x-jg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298335"> <extension>asf</extension> <mime-type>video/x-ms-asf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298336"> <extension>asx</extension> <mime-type>video/x-ms-asf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298337"> <extension>au</extension> <mime-type>audio/basic</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298338"> <extension>avi</extension> <mime-type>video/x-msvideo</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298339"> <extension>avx</extension> <mime-type>video/x-rad-screenplay</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298340"> <extension>bcpio</extension> <mime-type>application/x-bcpio</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298341"> <extension>bin</extension> <mime-type>application/octet-stream</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298342"> <extension>bmp</extension> <mime-type>image/bmp</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298343"> <extension>body</extension> <mime-type>text/html</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298344"> <extension>cdf</extension> <mime-type>application/x-cdf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298345"> <extension>cer</extension> <mime-type>application/x-x509-ca-cert</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298346"> <extension>class</extension> <mime-type>application/java</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298347"> <extension>cpio</extension> <mime-type>application/x-cpio</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298348"> <extension>csh</extension> <mime-type>application/x-csh</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298349"> <extension>css</extension> <mime-type>text/css</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298359"> <extension>dib</extension> <mime-type>image/bmp</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298360"> <extension>doc</extension> <mime-type>application/msword</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298361"> <extension>ppt</extension> <mime-type>application/ppt</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298362"> <extension>mht</extension> <mime-type>text/x-mht</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298363"> <extension>xls</extension> <mime-type>application/msexcel</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298364"> <extension>dtd</extension> <mime-type>text/plain</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298365"> <extension>dv</extension> <mime-type>video/x-dv</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298366"> <extension>dvi</extension> <mime-type>application/x-dvi</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298367"> <extension>eps</extension> <mime-type>application/postscript</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298368"> <extension>etx</extension> <mime-type>text/x-setext</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298369"> <extension>exe</extension> <mime-type>application/octet-stream</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298370"> <extension>gif</extension> <mime-type>image/gif</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298371"> <extension>gtar</extension> <mime-type>application/x-gtar</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298372"> <extension>gz</extension> <mime-type>application/x-gzip</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298373"> <extension>hdf</extension> <mime-type>application/x-hdf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298374"> <extension>hqx</extension> <mime-type>application/mac-binhex40</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298375"> <extension>htc</extension> <mime-type>text/x-component</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298376"> <extension>htm</extension> <mime-type>text/html</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298377"> <extension>html</extension> <mime-type>text/html</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298378"> <extension>hqx</extension> <mime-type>application/mac-binhex40</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298379"> <extension>ief</extension> <mime-type>image/ief</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298380"> <extension>jad</extension> <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298381"> <extension>jar</extension> <mime-type>application/java-archive</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298382"> <extension>java</extension> <mime-type>text/plain</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298383"> <extension>jnlp</extension> <mime-type>application/x-java-jnlp-file</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298384"> <extension>jpe</extension> <mime-type>image/jpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298385"> <extension>jpeg</extension> <mime-type>image/jpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298386"> <extension>jpg</extension> <mime-type>image/jpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298387"> <extension>js</extension> <mime-type>text/javascript</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298388"> <extension>jsf</extension> <mime-type>text/plain</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298389"> <extension>jspf</extension> <mime-type>text/plain</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298390"> <extension>kar</extension> <mime-type>audio/x-midi</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298391"> <extension>latex</extension> <mime-type>application/x-latex</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298392"> <extension>m3u</extension> <mime-type>audio/x-mpegurl</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298393"> <extension>mac</extension> <mime-type>image/x-macpaint</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298394"> <extension>man</extension> <mime-type>application/x-troff-man</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298395"> <extension>me</extension> <mime-type>application/x-troff-me</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298396"> <extension>mid</extension> <mime-type>audio/x-midi</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298397"> <extension>midi</extension> <mime-type>audio/x-midi</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298398"> <extension>mif</extension> <mime-type>application/x-mif</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298399"> <extension>mov</extension> <mime-type>video/quicktime</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298400"> <extension>movie</extension> <mime-type>video/x-sgi-movie</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298401"> <extension>mp1</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298402"> <extension>mp2</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298403"> <extension>mp3</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298404"> <extension>mpa</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298405"> <extension>mpe</extension> <mime-type>video/mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298406"> <extension>mpeg</extension> <mime-type>video/mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298407"> <extension>mpega</extension> <mime-type>audio/x-mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298408"> <extension>mpg</extension> <mime-type>video/mpeg</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298409"> <extension>mpv2</extension> <mime-type>video/mpeg2</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298410"> <extension>ms</extension> <mime-type>application/x-wais-source</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298411"> <extension>nc</extension> <mime-type>application/x-netcdf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298412"> <extension>oda</extension> <mime-type>application/oda</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298413"> <extension>pbm</extension> <mime-type>image/x-portable-bitmap</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298414"> <extension>pct</extension> <mime-type>image/pict</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298415"> <extension>pdf</extension> <mime-type>application/pdf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298416"> <extension>pgm</extension> <mime-type>image/x-portable-graymap</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298417"> <extension>pic</extension> <mime-type>image/pict</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298418"> <extension>pict</extension> <mime-type>image/pict</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298419"> <extension>pls</extension> <mime-type>audio/x-scpls</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298420"> <extension>png</extension> <mime-type>image/png</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298421"> <extension>pnm</extension> <mime-type>image/x-portable-anymap</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298422"> <extension>pnt</extension> <mime-type>image/x-macpaint</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298423"> <extension>ppm</extension> <mime-type>image/x-portable-pixmap</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298424"> <extension>ps</extension> <mime-type>application/postscript</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298425"> <extension>psd</extension> <mime-type>image/x-photoshop</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298426"> <extension>qt</extension> <mime-type>video/quicktime</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298427"> <extension>qti</extension> <mime-type>image/x-quicktime</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298428"> <extension>qtif</extension> <mime-type>image/x-quicktime</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298429"> <extension>rar</extension> <mime-type>application/x-rar-compressed</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298430"> <extension>ras</extension> <mime-type>image/x-cmu-raster</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298431"> <extension>rgb</extension> <mime-type>image/x-rgb</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298432"> <extension>rm</extension> <mime-type>application/vnd.rn-realmedia</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298433"> <extension>roff</extension> <mime-type>application/x-troff</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298434"> <extension>rtf</extension> <mime-type>application/rtf</mime-type> </mime-mapping> <mime-mapping id="MimeMapping_1154677298435"> 修复方案: # 补丁 版权声明:转载请注明来源 路人甲@乌云 漏洞回应 厂商回应: 危害等级:高 漏洞Rank:10 确认时间:2016-05-11 09:20 厂商回复: 感谢您对深航信息系统的关注和帮助,我们将尽快排查程序修补漏洞 最新状态: 暂无 漏洞评价: 对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值 漏洞评价(共0人评价): 登陆后才能进行评分 评价 点赞 https://cn-sec.com/archives/1458.html 复制链接 复制链接 左青龙 微信扫一扫 右白虎 微信扫一扫
评论