tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From peter lin <peter....@labs.gte.com>
Subject Re: Security - Attack
Date Thu, 13 Jun 2002 12:31:43 GMT

apache and tomcat aren't vulnerable, but putting up a firewall to block
the IP might be a good idea. For my own server I zone alarm pro, which
will block IP trying this exact type of exploit.

peter


Laura wrote:
> 
> Hi all,
> 
> well I have, in my opinion, a very interesting question.
> 
> Last week we went in a production enviroment: we have apache + tomcat with an important
web application xxx (http.conf has JkMount /xxx worker).
> 
> Well, this morning I have discovered that somebody has tried to attack my server: in
the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/.....,
and so on.
> 
> My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure?
( my machine is a solaris 8).
> 
> Thanks
> 
> Laura

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message