tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lorenzo Jiménez <ljime...@nacion.co.cr>
Subject Information on a hacked tomcat 5
Date Wed, 13 Apr 2005 20:18:56 GMT

Hi,

If someone in the net, found out, by any reason, our admin or manager user and password, what
resources he can get besides turn on/off the apps, looking tomcat-users.xml?

Can he/she get info on the application context.xml like database user and passwords?
Can he/she deploy an exe or script for converting a server in a zombie?
Change the server init scripts?
Change the root password?

Thanks very much,

Lorenzo Jimenez







-------------------------------------------------------------

Si usted no es el destinatario indicado en este mensaje o responsable como persona 
de la entrega del mensaje, no debe copiar o reenviar este mensaje, por favor notifique 
al correo infosegura@nacion.com. Para más referencia sobre términos importantes 
relacionados a este correo visite http://www.nacion.com/disclaimer/index_es2.htm

If you are not the addressee indicated in this message (or responsible for delivery of the

message to such person), you may not copy or send this message to anyone, please notify
to infosegura@nacion.com. Click here for important additional terms relating to this e-mail.

<http://www.nacion.com/disclaimer/index_en2.htm>

-------------------------------------------------------------



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message