AppScan security vulnerability fixes
2012-11-27 09:16
393 views
1. Session identifier not updated: add the following code to the login page
Java code
request.getSession(true).invalidate(); // clear the old session
Cookie[] cookies = request.getCookies(); // null when the browser sent no cookies at all
if (cookies != null && cookies.length > 0) {
    Cookie cookie = cookies[0]; cookie.setMaxAge(0); cookie.setPath("/"); // mark the first cookie expired
    response.addCookie(cookie); // the expiry only reaches the browser if the cookie is written to the response
}
I don't really understand how sessions work; any expert passing by, please advise.
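What the "session identifier not updated" finding asks for is that the session ID the user had before logging in is not the one they keep afterwards. The following is an added example, not code from the original post: a login servlet that invalidates the pre-login session, creates a fresh one (the container then sends a new JSESSIONID cookie, which replaces the old one without any manual cookie handling) and only binds the user's identity to the new session. It assumes a Servlet 3.0+ container; authenticate() is a hypothetical hook standing in for your own user store.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (not from the original post): rotate the session ID on login so that a
// session ID obtained before authentication is worthless afterwards.
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String user = request.getParameter("username");
        String password = request.getParameter("password");
        if (!authenticate(user, password)) {           // hypothetical check against your user store
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        rotateSession(request);
        request.getSession().setAttribute("user", user); // identity lives in the NEW session only
        response.sendRedirect(request.getContextPath() + "/");
    }

    /** Replace the pre-login session with one that has a new ID, carrying over its attributes. */
    static void rotateSession(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        Map<String, Object> keep = new HashMap<>();
        if (old != null) {
            Enumeration<String> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = names.nextElement();
                keep.put(name, old.getAttribute(name));
            }
            old.invalidate();                           // the pre-login ID is now dead server-side
        }
        HttpSession fresh = request.getSession(true);   // new session; the container issues a new JSESSIONID
        for (Map.Entry<String, Object> e : keep.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        // On Servlet 3.1+ containers request.changeSessionId() rotates the ID in one call and keeps
        // the attributes; the manual copy above also works on Servlet 3.0 containers.
    }

    // Placeholder for the example: replace with a real lookup in your authentication backend.
    private boolean authenticate(String user, String password) {
        return user != null && password != null && !user.isEmpty() && !password.isEmpty();
    }
}
```

Because the container sets a new JSESSIONID cookie for the fresh session, the old cookie is overwritten in the browser; expiring cookies[0] by hand is not required, and if you do it, the modified cookie must be added to the response or the browser never sees the change.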
2. Cross-site request forgery:
Append a sessionId parameter to the URL that was flagged.
Java code
response.getWriter().write("<script>parent.location.href='dbase/admin/loginJsp.action?sessionId=" + sessionId + "'</script>"); // send the parent frame to the login page with the session ID as a query parameter
If passing the parameter produces an SSL error, pass the value with the hidden POST form below instead:
Java code
response.getWriter().write(
    "<script language=\"javascript\"> " +
    "document.write(\"<form action=dbase/admin/loginJsp.action method=post name=formx1 style='display:none'>\");" +
    "document.write(\"<input type=hidden name=name value='" + sessionId + "'>\");" + // closing '>' was missing
    "document.write(\"</form>\");" +
    "document.formx1.submit();" + // auto-submit the hidden form so the value travels in the POST body
    "</script>"
);
3. Unsafe HTTP methods enabled
Edit web.xml in the web project or on the server and add the security constraint below to disable HTTP methods the application does not need.
XML (web.xml)
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Disabled HTTP methods</web-resource-name> <!-- required by the schema; the original omitted it -->
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint>
  </auth-constraint> <!-- empty: no role at all may use the listed methods -->
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
4. Unencrypted login request
Configure SSL; details at http://serisboy.iteye.com/admin/blogs/1320231
Add the following to web.xml.
XML (web.xml)
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee> <!-- closing tag was misspelled in the original -->
  </user-data-constraint>
</security-constraint>
5. Cacheable SSL page
In the page
<meta http-equiv="Pragma" content="no-cache">
Java code
response.setHeader("Pragma", "No-cache"); // HTTP/1.0 no-cache hint sent with the response
6. Directory listing
Configure the server so that directory contents cannot be browsed.
In conf/web.xml:
XML (web.xml)
<servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>0</param-value>
  </init-param>
  <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
Set the value of listings to false.
Alternatively, add the servlet above to WEB-INF/web.xml under your virtual path, change the servlet-name to something else, and add a servlet-mapping for it:
XML (web.xml)
<servlet>
  <servlet-name>default1</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>0</param-value>
  </init-param>
  <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>default1</servlet-name>
  <url-pattern>/</url-pattern>
</servlet-mapping> <!-- the original was missing the slash in this closing tag -->