Tomcat配置不当导致文件泄露

4 months ago

source link: https://bajie.dev/posts/20231228-tomcat_config/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Tomcat配置不当导致文件泄露

2023-12-28 1 分钟阅读

Tomcat配置不当导致文件泄露

说明：Tomcat由于配置不当会导致tomcat/conf log webapps work temp bin lib等信息暴露在游览器中例如：

http://192.168.89.38:8080/conf/catalina.policy
http://192.168.89.38:8080/conf/catalina.properties
http://192.168.89.38:8080/conf/context.xml
http://192.168.89.38:8080/conf/logging.properties
http://192.168.89.38:8080/conf/server.xml
http://192.168.89.38:8080/conf/tomcat-users.xml
http://192.168.89.38:8080/conf/web.xml

修复方法：

将 /export/servers/tomcat 下的 server.xml

<Host name="localhost" appBase=""  改成  
<Host name="localhost" appBase="webapps"

appBase千万不能为空

修改完后重启生效

Recommend

Tomcat配置不当导致文件泄露

Tomcat配置不当导致文件泄露

Tomcat配置不当导致文件泄露

Recommend

Amazon's Prime Video will start serving ads on January 29 unless you pay extra

用fail2ban简简单单封掉ssh端口的试探

EventConnect - Event CMS for ticketing, payments, website, photos & more | P...

Ingenious AirTag mount doubles as a reflector for discreet bike tracking

Apple's iPhone designer is leaving to work with Jony Ive and Sam Altman on AI ha...

不只影像强屏幕/性能/马达都领先一加12一部全搞定

传 Pixel 9 将添加 Gemini 模型的 AI 助手 Pixie

AI In Windows: Investigating Windows Copilot

iQOO Neo9系列正式发布天玑骁龙双芯加持售2299起

shell脚本的一个好的帮助信息

About Joyk