tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port
Date Fri, 25 Jun 2010 19:47:00 GMT
Konstantin Kolinko wrote:
> 2010/6/23 Aaron Clark <aclark@intellicominc.com>:
>> 1) Terminal Services starts listening on port 80 instead of 3380
>>
>> 2) We determined this by disabling Tomcat. The problem stopped. This is happening
>> on their website, so we would know it happens because customers would call in saying the website
>> is down.
>>
>> 3) Right now (before the switch) it is showing tomcat running on 80 and svchost running
>> on 3389. I haven't run this command after the switch yet.
>>
>>
>> 4) Tomcat is what runs on port 80, yes.
>>
> 
> Are access logs enabled on that system? What happens with Tomcat when
> this happens (is it down and unable to start?) I doubt that this
> change might happen while Tomcat still runs. Is the system property
> secured? E.g. such a trivial issue as CVE-2009-3548
> 
> http://tomcat.apache.org/security-6.html
> 
Aaron,
to insist:
- there is no way for a process (RDP) to tell the Operating System (Windows), something 
like "change the port number of my listening socket to xxx".  Such a call does not exist.
- there is no way for a process to tell the OS "change the listening port number xxx of 
process yyy to zzz". Such a call does not exist.
- neither Tomcat itself nor the JVM that actually runs Tomcat contains code that would 
even try to do that.

But a rogue webapp running under Tomcat /might/ contain code that helps a hacker 
do something like that.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
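
The check this thread keeps returning to (which process owns the listeners on ports 80 and 3389) can be scripted over saved `netstat -ano` output. The following is an added example, not part of the original message; the netstat snapshots, PIDs and image names (`tomcat6.exe`, `svchost.exe`) are constructed assumptions.

```python
import re

# Expected owner of each port, as described in the thread (image names are assumptions).
EXPECTED = {80: "tomcat6.exe", 3389: "svchost.exe"}

# LISTENING rows of `netstat -ano`: proto, local addr:port, foreign addr, state, PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return {port: set of PIDs} for every TCP socket in LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            found.setdefault(int(m.group(2)), set()).add(int(m.group(3)))
    return found

def audit(netstat_text, pid_names, expected=EXPECTED):
    """Return (port, actual owner, expected owner) for every port that deviates."""
    found = listeners(netstat_text)
    findings = []
    for port, image in sorted(expected.items()):
        owners = sorted(pid_names.get(pid, "unknown") for pid in found.get(port, ()))
        if not owners:
            findings.append((port, "no listener", image))
        elif any(o.lower() != image for o in owners):
            findings.append((port, ",".join(owners), image))
    return findings

# Constructed samples (not captured from the system in the thread).
# PID_NAMES stands in for the PID-to-image mapping that `tasklist` would give.
PID_NAMES = {1480: "tomcat6.exe", 1124: "svchost.exe"}
BEFORE = """
  TCP    0.0.0.0:80      0.0.0.0:0    LISTENING    1480
  TCP    0.0.0.0:3389    0.0.0.0:0    LISTENING    1124
  TCP    [::]:3389       [::]:0       LISTENING    1124
"""
AFTER = """
  TCP    0.0.0.0:80      0.0.0.0:0    LISTENING    1124
"""

if __name__ == "__main__":
    for label, snapshot in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(snapshot, PID_NAMES))
```

Run against snapshots taken before and after the switch, a change in the owning PID shows that the listener was re-created by a different process rather than renumbered in place.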

