tomcat-users mailing list archives

From Michael Teter <mte...@1scom.net>
Subject Re: [OT] Some one executing windows commands in Tomcat 4.1.18.
Date Tue, 12 Aug 2003 09:31:01 GMT
This is the age old IIS worm working its magic.  It's either Code Red or 
Code Red 2 or whatever.

In any case, you can safely ignore it if Tomcat is the one reporting it.
And unfortunately, you're unlikely to get anywhere by trying to
contact the offending server owner or ISP.

Just ignore it, as long as you're not using IIS, or you have IIS patched up.

MT

Antony paul wrote:
> Although it is an intranet application, Tomcat is listening on the public IP
> address accessible from the internet (temporary arrangement) and the IP address
> in the log is outside the intranet but of the same ISP. The IIS is not running
> but we have some other web server program (probably apache) which listens on
> this IP address.
> ----- Original Message -----
> From: "Ralph Einfeldt" <ralph.einfeldt@uptime-isc.de>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> Sent: Tuesday, August 12, 2003 2:08 PM
> Subject: RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
> 
> 
> There is someone from xx.xx.xx.xx trying to use an IIS
> vulnerability. If it's really intranet your admin should
> have a look at the offending pc if it is infected by a
> virus. (Not sure off the top of my head if this is nimda, code
> red or what else)
> 
> This vulnerability is not affecting tomcat.
> 
> 
>>-----Original Message-----
>>From: Antony paul [mailto:antonypaul24@hotmail.com]
>>Sent: Monday, August 11, 2003 2:11 PM
>>To: tomcat mail list
>>Subject: [OT] Some one executing windows commands in Tomcat 4.1.18.
>>
>>
>>    I have Tomcat standalone running on a local Intranet. The
>>server is
>>Windows 2000 SP2. Today while checking the access log files I
>>found the following lines
>>xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET
>>/scripts/root.exe?/c+dir
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
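An added example, not part of the original thread: a small triage script that applies the advice above to an access log, flagging IIS-style probe requests and separating those the server rejected (noise) from any that returned a 2xx status and deserve a look. The log lines are constructed samples in Common Log Format; `root.exe` is the target seen in the thread, while the `cmd.exe` and `default.ida` targets and the name `triage` are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
# root.exe is the target quoted in the thread; cmd.exe and default.ida are
# other well-known IIS-worm probe targets added by this example.
PROBE_RE = re.compile(r'/(root\.exe|cmd\.exe|default\.ida)$', re.IGNORECASE)


def triage(lines):
    """Return (host, path, status, verdict) for each IIS-style probe request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log entry in the expected format
        # Match on the decoded path only, without the query string.
        path = unquote(m.group("target").split("?", 1)[0])
        if not PROBE_RE.search(path):
            continue
        status = int(m.group("status"))
        # A 2xx status means something at that URL actually answered.
        verdict = "investigate" if 200 <= status < 300 else "noise"
        hits.append((m.group("host"), path, status, verdict))
    return hits


# Constructed sample lines (documentation address ranges), not from the thread.
SAMPLE = [
    '192.0.2.10 - - [11/Aug/2003:09:47:38 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '192.0.2.10 - - [11/Aug/2003:09:47:39 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '198.51.100.7 - - [11/Aug/2003:09:48:02 +0000] "GET /app/index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Aug/2003:09:50:11 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for host, path, status, verdict in triage(SAMPLE):
        print(f"{verdict:11} {status} {host} {path}")
```
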