文件上传和下载功能安全漏洞
<h2>修复东方通7.x文件上传和下载功能安全漏洞(替换前先备份,升级前先关闭东方通)</h2>
<p>影响版本:
7.0.2.2≤TW7.X≤7.0.4.4
替换东方通安装目录lib下tongweb.jar:TW_HOME\lib\tongweb.jar
升级补丁包下载:[tongweb.jar](<a href="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/e0adbfdcf2077a5c1e9e8d7a5e728ab4">http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/e0adbfdcf2077a5c1e9e8d7a5e728ab4</a> "[tongweb.jar")
升级成功后重启东方通所有domain域(包括子域)验证是否可以正常启动
具体漏洞参考链接:
<a href="http://www.tongtech.com/News/News-65/show-1867.html">http://www.tongtech.com/News/News-65/show-1867.html</a>
补丁下载页链接: <a href="http://www.tongtech.com/Services/Services-103.html">http://www.tongtech.com/Services/Services-103.html</a>
[29c8234cfa5ef96a.zip](<a href="http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/2eb3bb749476d72eb7d2999cb42fb416">http://60.191.64.5:16100/server/index.php?s=/api/attachment/visitFile/sign/2eb3bb749476d72eb7d2999cb42fb416</a> "[29c8234cfa5ef96a.zip")</p>