tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pero" <p...@antaramusic.de>
Subject RE: security issue!
Date Thu, 24 Jan 2002 17:21:46 GMT
looks like good old nimda. but it does not affect your tomcat, since it
only attacks iis on win-systems

> -----Original Message-----
> From: Henry Lu [mailto:zhlu@med.umich.edu]
> Sent: Thursday, January 24, 2002 6:16 PM
> To: tomcat-user@jakarta.apache.org
> Subject: security issue!
> 
> 
> In the CATALINA_HOME/logs/catalina_log.2002-01-24.txt file, there 
> are a lot of
> log information like the followings:
> 
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/scripts/..%255c../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c
> ../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/scripts/..%c0%2f../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/scripts/..%25%35%63../winnt/system32/cmd.exe'
> 2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI: 
> '/scripts/..%252f../winnt/system32/cmd.exe'
> 
> Are these from the Tomcat 4.o internal?
> Are these from the out side hacker?
> What we can do to prevent from these happen?
> Can we use Valve? How?
> 
> Thanks, Henry
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message