Tomcat8.5.34.0版本漏洞修复

Tomcat8.5.34.0版本漏洞修复
漏洞1：拒绝式服务漏洞 组件远程代码执行漏洞 反序列话代码执行漏洞
漏洞2：AJP协议文件读取与包含严重漏洞
1.下载最新版本tomcat8.5.79.0
wget https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.79/bin/apache-tomcat-8.5.79.tar.gz
2.停止tomcat服务，备份源tomcat文件夹只tomcat_bak目录
/usr/local/tomcat/bin/catalina.sh stop
mv tomcat tomcat_bak
3.解压tomcat
tar -axvf apache-tomcat-8.5.79.tar.gz
4.拷贝文件至/usr/local目录下
cp apache-tomcat-8.5.79 /usr/local/
5.替换tomcat相关文件 server.xml web.xml catalina.sh logs
cp /usr/loca/tomcat_bak/conf/{server.xml,web.xml,tomcat-users.xml,tomcat-users.xsd} /usr/local/apache-tomcat-8.5.79/conf/
cp /usr/loca/tomcat_bak/bin/catalina.sh /usr/local/apache-tomcat-8.5.79/bin/
cp /usr/loca/tomcat_bak/logs /usr/local/apache-tomcat-8.5.79/
6.重命名apache-tomcat-8.5.79文件夹为tomcat
mv apache-tomcat-8.5.79 tomcat
7.注释掉配置文件中的AJP协议
vim server.xml