tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: SECURITY breach in Tomcat
Date Thu, 29 Jan 2009 10:41:46 GMT
Toby Kurien wrote:
> Seems like the infection was related to the loose (default) password
> of the manager app. I suppose changing that fixed the problem.

There is *no* default password for the manager application. You have to
configure it yourself.

If you have a Tomcat distribution that does have a default password for the
manager application please let us know where you got it from so we can try and
get that security hole in that non-Apache distro fixed.


> On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien <> wrote:
>> thanks. I only need ROOT and myApp (which is my application). I am the
>> developer, admin, everything. And yes, we moved between physical
>> server racks that actually host Virtual environments.
>> On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider <> wrote:
>>>> Moving servers mean we moved it physically from one box to another. IP
>>>> and DNS stays the same when we move.
>>>> Btw: Can I take off all the apps from webapps, except ROOT and myApp?
>>>> Hacker or virus is probably exploiting some vulnerability in them. As
>>>> of now, tomcat is running after restarting the whole box, but I am
>>>> afraid if it will shutdown or crash.
>>> box == server-rack?
>>> Since I got no idea of your application's structure, I can't give you
>>> any advice of what to remove and what to keep.
>>> Just that much:
>>> ROOT.war ist the default application when you call your server i.e. at
>>> Provided myApp.war is a known application, *theoretically* it might be
>>> possible that it needs additional apps, if it uses servlet-chaing
>>> etc..
>>> It might be helpful if you could post the result of
>>> cd [Tomcat-Installation-Directory]
>>> dir -s
>>> The best method actually would be if you contact the developer of the
>>> application(s) hosted, ask them about what they expect within their
>>> application-directories and remove the rest.
>>> Toby, I'm afraid I'll have to call it a day now, however, since the
>>> guys from the US should be about to wake up after yesterday's
>>> inauguration-party, I'm pretty sure they will help you to get your
>>> feet back on the ground.
>>> I'll check the list tomorrow anyways.
>>> Good luck!
>>> Gregor
>>> --
>>> just because your paranoid, doesn't mean they're not after you...
>>> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
>>> gpgp-key available @
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message