tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Bug 51698 - ajp CPing/Forward-Request packet forgery
Date Fri, 02 Sep 2011 13:17:33 GMT
On 02/09/2011 14:12, Edward Quick wrote:
> Hi there,
> 
> I was testing out the packet forgery example (at https://issues.apache.org/bugzilla/show_bug.cgi?id=51698)
> to see if my site was vulnerable and got the following results.
> I'm not sure looking at the code comments in ForwardRequestForgeryExample.java
> if the output below means it's vulnerable and what exactly that exploited.

Yes, you are vulnerable.

The attack exploits a bug in the AJP connector you have configured.

> Could someone give me a hand please?

See above.

Mark

> 
> Thanks,
> 
> Ed.
> 
> C:>java -cp . ForwardRequestForgeryExample
> Sending AJP Forward-Request Packet...
> End
> 
> $ tail -f catalina.out
> Invoke HelloWorldExample.doPost method:
> -------------------------------------------
> Host: my.evil-site.com
> RemoteAddr: 1.2.3.4
> LocalPort: 999
> woo: I am here
> 
> 
> 
> 
> 
> ________________________________
> The information contained in this email is strictly confidential and for the use of the
addressee only, unless otherwise indicated. If you are not the intended recipient, please
do not read, copy, use or disclose to others this message or any attachment. Please also notify
the sender by replying to this email or by telephone (+44 (0)20 7896 0011) and then delete
the email and any copies of it. Opinions, conclusions (etc) that do not relate to the official
business of this company shall be understood as neither given nor endorsed by it. IG Group
Holdings plc is a company registered in England and Wales under number 01190902. VAT registration
number 761 2978 07. Registered Office: Cannon Bridge House, 25 Dowgate Hill, London EC4R 2YA.
Authorised and regulated by the Financial Services Authority. FSA Register number 114059.
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message