tomcat-users mailing list archives

From Paul DuBois <p...@snake.net>
Subject RE: security issue!
Date Thu, 24 Jan 2002 17:52:45 GMT
At 12:28 -0500 1/24/02, Henry Lu wrote:
>I need a solution to prevent it from happening!

You want to prevent a given client from issuing requests to your
site?

Good luck.

>
>Any ideas?
>
>Thanks,
>
>>>>  pero@antaramusic.de 01/24/02 12:21PM >>>
>Looks like good old Nimda, but it does not affect your Tomcat, since it
>only attacks IIS on win-systems.
>
>>  -----Original Message-----
>>  From: Henry Lu [mailto:zhlu@med.umich.edu]
>>  Sent: Thursday, January 24, 2002 6:16 PM
>>  To: tomcat-user@jakarta.apache.org
>>  Subject: security issue!
>>
>>
>>  In the CATALINA_HOME/logs/catalina_log.2002-01-24.txt file, there
>>  is a lot of log information like the following:
>>
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/scripts/..%255c../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c
>>  ../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/scripts/..%c0%2f../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/scripts/..%25%35%63../winnt/system32/cmd.exe'
>>  2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
>>  '/scripts/..%252f../winnt/system32/cmd.exe'
>>
>>  Are these from the Tomcat 4.0 internals?
>>  Are these from an outside hacker?
>>  What can we do to prevent these from happening?
>>  Can we use Valve? How?
>>
>>  Thanks, Henry

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
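
A log triage sketch for the "Invalid request URI" entries quoted in this message, added here as an example and not part of the original thread or of Tomcat: it percent-decodes each logged URI until it stops changing and labels double encoding, overlong UTF-8 lead bytes, `..` traversal and the Windows `cmd.exe` target. The function names and flag labels are assumptions made for the example, and the last sample line is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Sample in the catalina_log format quoted in the post (URI wrapped onto its
# own line). The first three URIs are from the post; the last is constructed.
SAMPLE_LOG = """\
2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
'/scripts/..%255c../winnt/system32/cmd.exe'
2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
'/scripts/..%c0%2f../winnt/system32/cmd.exe'
2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
'/scripts/..%25%35%63../winnt/system32/cmd.exe'
2002-01-24 09:29:48 HttpProcessor[80][3]  Invalid request URI:
'/index.jsp%zz'
"""

ENTRY = re.compile(
    r"^(\S+ \S+) HttpProcessor\[\d+\]\[\d+\]\s+Invalid request URI:\s*'([^']*)'",
    re.MULTILINE)

def classify(uri, max_rounds=5):
    """Return the set of probe indicators found in one raw request URI."""
    data = re.sub(r"\s+", "", uri).encode("utf-8")  # undo log line wrapping
    flags, rounds = set(), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(data)
        if decoded == data:          # nothing left to decode
            break
        data, rounds = decoded, rounds + 1
        # 0xC0 and 0xC1 can only start overlong UTF-8 sequences.
        if b"\xc0" in data or b"\xc1" in data:
            flags.add("overlong-utf8")
    if rounds >= 2:                  # a second decode still changed the URI
        flags.add("double-encoded")
    # Treat backslash as a path separator, as a Windows server would.
    if b".." in data.replace(b"\\", b"/").split(b"/"):
        flags.add("traversal")
    if data.lower().endswith(b"cmd.exe"):
        flags.add("windows-cmd")
    return flags

def scan(log_text):
    """Return (timestamp, uri, sorted flags) per 'Invalid request URI' entry."""
    return [(ts, re.sub(r"\s+", "", uri), sorted(classify(uri)))
            for ts, uri in ENTRY.findall(log_text)]

if __name__ == "__main__":
    for ts, uri, flags in scan(SAMPLE_LOG):
        print(ts, uri, ",".join(flags) or "no-probe-indicators")
```

Entries that come back with no flags are malformed requests of some other kind and are worth reading separately from the worm noise.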

