Subject: Re: exploiting tomcat vulnerability with example
From: Daniel Mikusa
Date: Wed, 19 Sep 2012 08:19:36 -0400
To: "Tomcat Users List"
Message-Id: <8101CC66-08E6-418A-B7CC-D5E344C91C7E@vmware.com>
In-Reply-To: <50598A17.5030205@gmail.com>

On Sep 19, 2012, at 5:02 AM, Ragini wrote:

> Hi all,
>
> For my research work I want to have different attacking scenarios which exploit vulnerabilities of Java based applications. These Java applications can be just any web application, desktop application or any other.
>
> For this, I was thinking to exploit vulnerabilities of Tomcat itself (because it is in Java). I went through different vulnerabilities of different versions of Tomcat on Apache Tomcat's official site. They have provided information about what the vulnerability is and what its consequences are.
>
> But I am looking for some real time example by which I can exhibit the exploitation of Tomcat's vulnerability. The version of Tomcat can be just any. I would like to try vulnerabilities like authentication bypass, information disclosure or some other which really compromises the security.

Try looking at Metasploit.

Dan

> Could anybody please suggest some source where I can get step by step information about exploiting Tomcat's vulnerability with example? It would be nice if the example web application used for exploitation is also in Java.
>
> I would really appreciate any kind of help regarding this.
>
> Thanks.
>
> Richa.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org