From: Konstantin Kolinko
To: Tomcat Users List <users@tomcat.apache.org>
Date: Fri, 12 Apr 2013 01:26:25 +0400
Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
In-Reply-To: <51671EC1.1000305@christopherschultz.net>
References: <99C8B2929B39C24493377AC7A121E21FC4A7CE620C@USEA-EXCH8.na.uis.unisys.com> <51671EC1.1000305@christopherschultz.net>

2013/4/12 Christopher Schultz :
>
>> The attacker installed a viral servlet application that killed the
>> server completely, we had to rebuild it.
>
> I -- like most people I would guess -- don't run under a
> SecurityManager, but doing so can significantly limit the damage that
> a rogue webapp can do.
>

If you do not trust your applications then it is recommended to run with .
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Host

I think there are not enough checks in place to avoid abuse if a webapp is able to provide its own context.xml file, even if you run with a SecurityManager.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
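Two defender-side checks that follow from this thread, written as an added example (this is not code from the thread or from the Tomcat project): a scan of Tomcat AccessLogValve lines in the "common" pattern that flags requests for the Manager and Host Manager webapps, like the "HEAD /manager/html" probe in the subject line, and an audit of the `<Host>` elements in server.xml reporting which ones still honour a WAR's own META-INF/context.xml (Tomcat's `deployXML` attribute, which defaults to true when absent), the setting the reply points at via the security-howto link. The log lines, the server.xml fragment and the host names in it are constructed for this example; the audit reads only what is written in the file, so a default that differs in another Tomcat version or configuration mode is not modelled.

```python
"""Added example: manager-probe detection over Tomcat access logs and a
deployXML audit of server.xml <Host> elements. Sample data is constructed."""
import re
import xml.etree.ElementTree as ET

# AccessLogValve pattern="common":  %h %l %u %t "%r" %s %b
COMMON_LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Context paths of the stock Tomcat management webapps; any request for them
# from an address that is not an administrator's is worth an alert, whatever
# the status code (a 404 only means the app is not deployed on this host).
MANAGER_PREFIXES = ("/manager", "/host-manager")

# Constructed sample log lines (not from the thread); the fourth is a
# malformed request that Tomcat logs with "-" as the request line.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [11/Apr/2013:10:02:11 +0000] "HEAD /manager/html HTTP/1.0" 404 -
203.0.113.7 - - [11/Apr/2013:10:02:12 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.0.2.10 - - [11/Apr/2013:10:03:01 +0000] "GET /index.jsp HTTP/1.1" 200 1527
203.0.113.7 - - [11/Apr/2013:10:03:05 +0000] "-" 400 -
198.51.100.4 - - [11/Apr/2013:10:04:44 +0000] "GET /host-manager/html?x=1 HTTP/1.1" 403 -
"""


def parse_common_log_line(line):
    """Parse one "common"-pattern line into a dict, or None if it does not fit."""
    m = COMMON_LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def scan_access_log(lines):
    """Return (client, method, path, status) for every request aimed at a
    management webapp. Unparseable lines are skipped rather than raising."""
    hits = []
    for line in lines:
        rec = parse_common_log_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        # exact match or a sub-path, so "/managerx" is not a false positive
        if any(path == p or path.startswith(p + "/") for p in MANAGER_PREFIXES):
            hits.append((rec["host"], rec["method"], path, rec["status"]))
    return hits


# Constructed server.xml fragment: the first Host leaves deployXML unset, so
# a deployed WAR's META-INF/context.xml is honoured; the second turns it off
# and also disables autoDeploy so new files in appBase are not picked up.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
      <Host name="hardened.example" appBase="webapps-hardened"
            deployXML="false" autoDeploy="false" unpackWARs="true"/>
    </Engine>
  </Service>
</Server>
"""


def audit_host_deploy_xml(server_xml_text):
    """Return one finding per <Host>: its name and whether deployXML and
    autoDeploy are effectively on. A missing attribute is treated as "true",
    the documented default written into server.xml-less configurations."""
    findings = []
    for host in ET.fromstring(server_xml_text).iter("Host"):
        findings.append({
            "name": host.get("name"),
            "deployXML": host.get("deployXML", "true").strip().lower() == "true",
            "autoDeploy": host.get("autoDeploy", "true").strip().lower() == "true",
        })
    return findings


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG.splitlines()):
        print("manager probe:", hit)
    for f in audit_host_deploy_xml(SAMPLE_SERVER_XML):
        flag = "honours webapp context.xml" if f["deployXML"] else "ok"
        print(f"Host {f['name']}: deployXML={f['deployXML']} "
              f"autoDeploy={f['autoDeploy']} -> {flag}")
```

Run it as a script to see the three flagged requests and the per-host verdicts; in practice `scan_access_log` would be fed the lines of `logs/localhost_access_log.*.txt` and `audit_host_deploy_xml` the text of `conf/server.xml`. The audit deliberately reports a missing `deployXML` as enabled rather than silent, since the point of the reply is that an unset attribute is what lets a webapp ship its own context.xml.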