tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
Date Thu, 15 May 2008 16:06:27 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter,

Peter Crowther wrote:
|> From: Christopher Schultz [mailto:chris@christopherschultz.net]
|> <tents fingers>The internal IP address of the server is ...
|> 192.168.1.100! Nobody would have ever guessed that!
|> Excellent! Now I can
|> take over the world! Muahahaha!</tents fingers>
|
| *Chuckle*  Chris, all you need now is the white cat and the secret
base in the garden shed.
|
| You might not be able to take over the world, but you might be able
| to take over the server more easily if you can crack something else
| on the same internal network.

Absolutely, especially if there is either no firewall or one configured
poorly or a foolish TCP/IP stack, you could forge an internal IP address
as the source for a request that originates externally. If special
services (like SHUTDOWN) are accepted without authentication from local
addresses, you've got yourself a problem.

| The OP's correct that it's an information disclosure vulnerability,
| though I'm not sure whether it's present in Tomcat's error pages.
| Certainly if you're going through the checklist of "generic" vuls so
| that you can demonstrate your installation is hardened against those
| attacks, it's fair to ask whether Tomcat's susceptible.

I just couldn't resist.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgsX4MACgkQ9CaO5/Lv0PCiUACfVisrtn47r3oOE4GNJ1mtrhr3
TosAn3/yJmSbIKJGVGkrxKbQHLifaXAa
=vrU/
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message