tomcat-users mailing list archives

From "Raphael Kuriyan" <rkthat...@yahoo.com>
Subject Re: Is someone attempting to hack my server's tomcat 3.2.3?
Date Mon, 06 Aug 2001 09:16:56 GMT
This is a worm called CodeRed that attacks IIS webservers.

see
http://www.eeye.com/html/Research/Advisories/AL20010717.html

Raphael.

----- Original Message -----
From: "Kasnol (2001)" <kasnol2001@hotmail.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Sunday, August 05, 2001 8:02 PM
Subject: Is someone attempting to hack my server's tomcat 3.2.3?


Hello all,

I am using tomcat 3.2.3, windows 2000 professional at my home, upon
occasional inspection of my tomcat log, an interesting, strange error is
observed and enclosed below. I only can capture 200 lines from my log
screen, but below is the best bit of the tomcat output. The full version is
appended below to my message:

Parse error, missing : in  ccept: */*
t
Full  GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
trol: bypass-client=202.156.138.27
Connection: closeVia: 1.0 <STIX>HHCE3X-Forwarded-For: 202.156.138.27

I can tell that someone is trying to access via GET method, and
default.ida(?) or is it downloading some stuff somewhere in the net?

I believe it can be somehow related to the recent worm scare at win2k.
Is someone trying to implant a worm in my computer, or is this something
tomcat, win2k, is vulnerable to?
I haven't seen anything wrong with my computer yet... but I guess I should
start a full virus scan.

Thankx!
Any help/light is appreciated
Regards
Kas

/***************************** Log Description ***************************/
2001-08-05 19:53:07 - ContextManager: Error reading request, ignored -
java.lang
.NumberFormatException: 3379
        at java.lang.Integer.parseInt(Integer.java:423)
        at java.lang.Integer.parseInt(Integer.java:463)
        at
org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
284)
        at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
n(HttpConnectionHandler.java:200)
        at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
        at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
        at java.lang.Thread.run(Thread.java:484)

Parse error, missing : in  ccept: */*
t
Full  GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0
Content-type: text/xmlHOST:www.worm.com Accept: */*
trol: bypass-client=202.156.138.27Connection: closeVia: 1.0
<STIX>HHCE3X-Forward
ed-For: 202.156.138.27

2001-08-05 19:55:27 - Ctx(  ): 404 R(  + /default.ida + null) null

2001-08-05 20:52:17 - ContextManager: SocketException reading request,
ignored -
 java.net.SocketException: Connection reset by peer: JVM_recv in socket
input st
ream read
        at java.net.SocketInputStream.socketRead(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:86)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
        at
org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
dapter.java:115)
        at
org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
letInputStream.java:106)
        at
org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
tInputStream.java:128)
        at
javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
)
        at
org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
pRequestAdapter.java:129)
        at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
n(HttpConnectionHandler.java:198)
        at
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
        at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
        at java.lang.Thread.run(Thread.java:484)

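Added example, not part of the original messages: a small Python scanner that flags requests shaped like the one in the log above (an `.ida` path, a long run of one padding character, and `%uXXXX`-encoded words), rejoining the request line first because the console wrapped it across several lines. The function names, the thresholds (50 repeated characters, three `%u` tokens, two indicators to report) and the sample text are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# The request line may be hard-wrapped, so match method..protocol across newlines.
REQUEST = re.compile(r"\b(GET|POST|HEAD)\s+(/.*?)\s+HTTP/1\.[01]", re.DOTALL)
PADDING = re.compile(r"(.)\1{49,}")      # assumed threshold: 50+ repeats of one char
PCT_U = re.compile(r"%u[0-9a-fA-F]{4}")  # IIS-style %uXXXX encoding


def find_requests(log_text):
    """Yield (method, target) with console line wraps removed from the target."""
    for m in REQUEST.finditer(log_text):
        yield m.group(1), re.sub(r"\s+", "", m.group(2))


def classify(target):
    """Return the indicators that make a request target look like an .ida probe."""
    parts = urlsplit(target)
    reasons = []
    if parts.path.lower().endswith(".ida"):
        reasons.append("ida-path")
    if PADDING.search(parts.query):
        reasons.append("padding-run")
    if len(PCT_U.findall(parts.query)) >= 3:
        reasons.append("pct-u-encoding")
    return reasons


def scan(log_text):
    """Return (method, truncated target, reasons) for targets with 2+ indicators."""
    hits = []
    for method, target in find_requests(log_text):
        reasons = classify(target)
        if len(reasons) >= 2:
            hits.append((method, target[:40], reasons))
    return hits


# Constructed sample: wrapped like the log above, payload reduced to filler only.
SAMPLE = (
    "Full  GET\n/default.ida?" + "N" * 40 + "\n" + "N" * 30 +
    "%u9090%u90\n90%u9090%u9090=a  HTTP/1.0\n"
    "Content-type: text/xml\n"
    "2001-08-05 19:55:27 - Ctx(  ): 404 R(  + /default.ida + null) null\n"
    "GET /index.jsp?page=2 HTTP/1.0\n"
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A line-by-line search for the whole signature would miss the wrapped request in this log; matching across newlines and stripping whitespace from the target is what lets the indicators be tested on the full query string.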

