tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Warren Bell <war...@clarksnutrition.com>
Subject Re: Possible virus uploaded to Tomcat 5.5.3
Date Fri, 08 Aug 2008 20:28:46 GMT
Mark Thomas wrote:
> Warren Bell wrote:
>> Mark Thomas wrote:
>>> - What other webapps are installed on the Tomcat instance?
>>
>> Several, they are all intranet apps that do not have any 
>> download/upload capabilities and there is no possible sql injection 
>> vulnerabilities either. And none of the apps execute any programs 
>> local to the server. 
>
> Hmm. No real idea yet but a few more questions.
>
> Is either the manager or the admin app installed?

No

>
> If yes, how strong is the password and what realm are you using?
>
> From your comments you aren't using WebDAV at all. Is this correct?

What is WebDA, some kind of anti-virus?

>
> Are all the apps on Tomcat accessible to the kiosks?

Yes

>
> Do you have any access logs from around the time the rogue pages were 
> installed?

Maybe, the server is down, I am traveling to it right now to see if and 
how much damage this may have caused.

>
> Cheers,
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


-- 
Thanks,

Warren Bell
909-645-8864
warren@clarksnutrition.com


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message