tomcat-users mailing list archives

From Aaron Clark <acl...@intellicominc.com>
Subject RE: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port
Date Fri, 25 Jun 2010 20:49:02 GMT
Do you think it's more likely that it's a bug in the OS, or the server has been compromised?


Aaron K. Clark
A+, Network+, CCNA
Intellicom, Inc
aclark@intellicominc.com
308-237-0684 x228 (Office)
308-440-5500 (Cell)
1700 2nd Ave
Kearney, Ne 68847
________________________________________
From: André Warnier [aw@ice-sa.com]
Sent: Friday, June 25, 2010 3:47 PM
To: Tomcat Users List
Subject: Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port

Konstantin Kolinko wrote:
> 2010/6/23 Aaron Clark <aclark@intellicominc.com>:
>> 1) Terminal Services starts listening on port 80 instead of 3380
>>
>> 2) We determined this by disabling Tomcat. The problem stopped. This is happening on their website, so we would know it happens because customers would call in saying the website is down.
>>
>> 3) Right now (before the switch) it is showing tomcat running on 80 and svchost running on 3389. I haven't run this command after the switch yet.
>>
>>
>> 4) Tomcat is what runs on port 80, yes.
>>
>
> Are access logs enabled on that system? What happens with Tomcat when
> this happens (is it down and unable to start?) I doubt that this
> change might happen while Tomcat still runs. Is the system property
> secured? E.g. such trivial issue as CVE-2009-3548
>
> http://tomcat.apache.org/security-6.html
>
Aaron,
to insist:
- there is no way for a process (RDP) to tell the Operating System (Windows), something
like "change the port number of my listening socket to xxx".  Such a call does not exist.
- there is no way for a process to tell the OS "change the listening port number xxx of
process yyy to zzz". Such a call does not exist.
- Tomcat itself (nor the JVM that actually runs Tomcat) does not contain code that would
even try to do that.

But a rogue webapp running under Tomcat /might/ contain code that helps a hacker into
doing something like that.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

CONFIDENTIALITY NOTICE: This communication and any files or attachments transmitted with it
may contain information that is confidential, privileged and exempt from disclosure under
applicable law. It is intended solely for the use of the intended recipient. If you are not
the intended recipient, you are hereby notified that any unauthorized review, use, disclosure,
dissemination, or copying of this communication is strictly prohibited. If you have received
this communication in error, please notify the sender by reply E-mail and destroy all copies
of the original message. Additionally, we will take the appropriate action to avoid sending
you an unintended E-mail in the future. Thank you for your cooperation.
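
The open question in this thread is which process actually owns port 80 after the switch. As an added example (not code from the thread or from the Tomcat project), the Python script below compares two captures of `netstat -ano` output, assumed here to be the kind of command the posters ran, and reports watched ports whose listening PID changed. The captures and PIDs are constructed.

```python
"""Compare two `netstat -ano` captures and report listeners that changed owner."""

# Constructed sample captures. The PIDs (1432 for Tomcat, 1120 for the svchost
# instance hosting Terminal Services) are made up for illustration.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    [::]:80                [::]:0                 LISTENING       1432
  TCP    10.0.0.5:80            203.0.113.7:51522      ESTABLISHED     1432
  UDP    0.0.0.0:123            *:*                                    900
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1120
  TCP    [::]:80                [::]:0                 LISTENING       1120
  UDP    0.0.0.0:123            *:*                                    900
"""


def listeners(netstat_text):
    """Return {port: {pid, ...}} for every TCP socket in LISTENING state."""
    owners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: proto, local, foreign, state, pid.
        # The header and UDP rows split into a different count and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rsplit keeps IPv6 literals such as [::]:80 intact.
        port = int(fields[1].rsplit(":", 1)[1])
        owners.setdefault(port, set()).add(int(fields[4]))
    return owners


def owner_changes(before_text, after_text, watch_ports):
    """List (port, pids_before, pids_after) for watched ports whose owner differs."""
    before, after = listeners(before_text), listeners(after_text)
    changes = []
    for port in sorted(watch_ports):
        old, new = before.get(port, set()), after.get(port, set())
        if old != new:
            changes.append((port, old, new))
    return changes


if __name__ == "__main__":
    for port, old, new in owner_changes(BEFORE, AFTER, {80, 3389}):
        print(f"port {port}: PIDs {sorted(old)} -> {sorted(new) or 'no listener'}")
```

A changed owner on port 80 together with a vanished listener on the RDP port points at a configuration change followed by a service restart, which is the case the replies above distinguish from a process "moving" a live socket.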