tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kwok Peng Tuck <pengt...@makmal.net>
Subject Re: [OT] Some one executing windows commands in Tomcat 4.1.18.
Date Tue, 12 Aug 2003 08:32:41 GMT
It's in the intranet right ? Should be easy to track down :)

Antony paul wrote:

>Hello,
>    I have Tomcat standalone running on a local Intranet. The server is
>windows 2000 SP2. Today while checking the access log files I found the
>following lines
>xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
>HTTP/1.0" 404 716
>xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
>HTTP/1.0" 404 710
>
>What does this mean ? Is there any vulnerability in Tomcat or this
>combination ?. I have uncommented the invoker servlet in web.xml. Is it
>creating the problem ?.
>
>regards
>Antony Paul
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>  
>


Mime
View raw message