tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <>
Subject Re: [OT] Some one executing windows commands in Tomcat 4.1.18.
Date Tue, 12 Aug 2003 12:13:52 GMT

Then contact your ISP's abuse center and tell them that a machine on 
their network is infected.  That's the only way it will go away, 
otherwise you will keep seeing it.


Antony paul wrote:

> Althoug it is an intranet application Tomcat is listening on the public IP
> address accessible from internet(temporary arrangement) and the IP address
> in the log is out side the intranet but of same ISP. The IIS is not running
> but we have some other web server program(probably apache) which listens on
> this IP address.
> ----- Original Message -----
> From: "Ralph Einfeldt" <>
> To: "Tomcat Users List" <>
> Sent: Tuesday, August 12, 2003 2:08 PM
> Subject: RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
> There is someone from xx.xx.xx.xx trying to use an IIS
> vulnerability. If it's realy intranet your admin should
> have a look at the offending pc if it is infected by a
> virus. (Not shure out of the head if this is nimda, code
> red or what else)
> This vulnerability is not affecting tomcat.

View raw message