tomcat-users mailing list archives

From Warren Bell <war...@clarksnutrition.com>
Subject Re: Possible virus uploaded to Tomcat 5.5.3
Date Sat, 09 Aug 2008 00:31:11 GMT
Mark Thomas wrote:
> Warren Bell wrote:
>> Mark Thomas wrote:
>>> Warren Bell wrote:
>>>> Mark Thomas wrote:
>>>>> - What other webapps are installed on the Tomcat instance?
>>>>
>>>> Several, they are all intranet apps that do not have any
>>>> download/upload capabilities and there are no possible SQL injection
>>>> vulnerabilities either. And none of the apps execute any programs
>>>> local to the server.
>>>
>>> Hmm. No real idea yet but a few more questions.
>>>
>>> Is either the manager or the admin app installed?
>>
>> No
>
> OK, that rules out a few possibilities.
>
>>> From your comments you aren't using WebDAV at all. Is this correct?
>>
>> What is WebDAV, some kind of anti-virus?
>
> It is a servlet that allows read/write of files on the server.
>
>>> Are all the apps on Tomcat accessible to the kiosks?
>>
>> Yes
>>
>>>
>>> Do you have any access logs from around the time the rogue pages 
>>> were installed?
>>
>> Maybe, the server is down, I am traveling to it right now to see if 
>> and how much damage this may have caused.
>
> Another thought occurs to me. If this server is only accessible via 
> the firewall and the firewall is locked down to just port 8080 how did 
> you get the source for the JSP you posted originally?

Through a VPN connection

>
> And from my other e-mail, are you using the invoker servlet at all?

No



>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


-- 
Thanks,

Warren Bell
909-645-8864
warren@clarksnutrition.com
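
Added example, not part of the original message and not Tomcat project code: a check for two of the questions asked in this thread, whether the WebDAV servlet or the invoker servlet is actually reachable. It reads a web.xml and reports those servlets only when they are both declared and mapped to a URL pattern; the sample descriptor and its /files/* pattern are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Real Tomcat servlet classes behind two of the questions in the thread.
RISKY = {
    "org.apache.catalina.servlets.WebdavServlet": "WebDAV",
    "org.apache.catalina.servlets.InvokerServlet": "invoker",
}

def _local(tag):
    # Drop the namespace so Servlet 2.3 and 2.4 descriptors are handled alike.
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [(c.text or "").strip() for c in elem if _local(c.tag) == name]

def mapped_risky_servlets(web_xml_text):
    """Return {label: [url-patterns]} for risky servlets declared AND mapped."""
    root = ET.fromstring(web_xml_text)  # XML comments are dropped by the parser
    declared = {}  # servlet-name -> label
    for el in root:
        if _local(el.tag) == "servlet":
            label = RISKY.get("".join(_texts(el, "servlet-class")))
            if label:
                declared["".join(_texts(el, "servlet-name"))] = label
    reachable = {}
    for el in root:
        if _local(el.tag) == "servlet-mapping":
            label = declared.get("".join(_texts(el, "servlet-name")))
            if label:
                reachable.setdefault(label, []).extend(_texts(el, "url-pattern"))
    return reachable

# Constructed sample: invoker declared but its mapping is commented out,
# WebDAV declared and mapped (hypothetical /files/* pattern).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet><servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class></servlet>
  <servlet><servlet-name>webdav</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class></servlet>
  <!-- <servlet-mapping><servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern></servlet-mapping> -->
  <servlet-mapping><servlet-name>webdav</servlet-name>
    <url-pattern>/files/*</url-pattern></servlet-mapping>
</web-app>"""

if __name__ == "__main__":
    print(mapped_risky_servlets(SAMPLE_WEB_XML))
```

Pass it the contents of conf/web.xml and of each webapp's WEB-INF/web.xml; a servlet that is declared but has no active mapping is not reported.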

