Posted to users@tomcat.apache.org by "Arend P. van der Veen" <ap...@att.net> on 2007/09/11 22:39:28 UTC

PHP Security Vulnerability???

Hi,

I recently set up a server using Tomcat 5.5 on FreeBSD 6.2.  I thought I 
had everything locked down.

I ran a Nessus scan and found a strange vulnerability.  It states:

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

I am not using PHP.  Has anyone else seen this?

Thanks,
Arend

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: PHP Security Vulnerability???

Posted by "Arend P. van der Veen" <ap...@acm.org>.
Wade Chandler wrote:
> I meant to write before, and it slipped my mind. The reason this occurs with form based
> authentication is because form based authentication is a pure server side thing. It doesn't tell
> the client...oh hey, by the way, I'm going to need you to authenticate. Instead it sends back an
> actual web page which happens to ask the user to login. So, the scanner tried to hit the URL it
> thought would have phpinfo (anything else under that path should give the same results), and it
> did in fact get returned a valid HTML page, yet not anything related to phpinfo. This sounds like
> a bug in the scanner though as it should analyze the return and not whether something was just
> returned or not. Someone might have their server set up to return a page which explains this is not
> available if on an external NIC port and if on an internal one to return the actual phpinfo.
> 
> Wade
> 
> 
This matches what I see.  Can I relay some of this information to Nessus 
in a bug report? Thanks for your help.

Arend



Re: PHP Security Vulnerability???

Posted by Wade Chandler <hw...@yahoo.com>.
--- "Arend P. van der Veen" <ap...@acm.org> wrote:
...
> >>>>
> >> Hi,
> >>
> >> This turned out to be a false positive.
> >>
> >> I use /cgi-bin as a url-pattern for a servlet mapping:
> >>
> >>      <servlet-mapping>
> >>          <servlet-name>ProxyServlet</servlet-name>
> >>          <url-pattern>/cgi-bin/*</url-pattern>
> >>      </servlet-mapping>
> >>
> >> I essentially was sending references to cgi-bin to apache listening on
> >> the loopback.  I also set a security-constraint for this url-pattern.
> >> Finally, I set the login-conf to form based authentication.  When Nessus
> >> tried to access a URL such as /cgi-bin/phpinfo.pgp it returned an http
> >> error of 200 even though it did not exist.  Not sure why.  But Nessus
> >> assumed that the 200 meant that it existed.  When I switched the login
> >> configuration to basic authentication the problem went away.  This had
> >> something to do with form based authentication.
> >>
> >> I finally found a fix: simply changing the URL binding from
> >> cgi-bin to xyz.  Now with form based authentication everything works.
> >>
> >> Thanks,
> >> Arend
> >>
...
> Hi Martin,
> 
> I can supply you a couple of things:
> 
> 1.  Tomcat access logs showing the Nessus attack that generated the problem.
> 2.  A detailed description of my configuration that generated the error 
> and what I did to fix it.
> 3.  A sample app that generates the problem.
> 4.  All of the above.
> 
> Please let me know what you want and I will forward it to you.
> 
> Thanks,
> Arend
> 

I meant to write before, and it slipped my mind. The reason this occurs with form based
authentication is because form based authentication is a pure server side thing. It doesn't tell
the client...oh hey, by the way, I'm going to need you to authenticate. Instead it sends back an
actual web page which happens to ask the user to login. So, the scanner tried to hit the URL it
thought would have phpinfo (anything else under that path should give the same results), and it
did in fact get returned a valid HTML page, yet not anything related to phpinfo. This sounds like
a bug in the scanner though as it should analyze the return and not whether something was just
returned or not. Someone might have their server set up to return a page which explains this is not
available if on an external NIC port and if on an internal one to return the actual phpinfo.

Wade


==================
Wade Chandler
Software Engineer and Developer

Netbeans Community and Dream Team Member:
http://wiki.netbeans.org/wiki/view/NetBeansDreamTeam

Check out Netbeans at:
http://www.netbeans.org
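
Added example, not part of the original thread: a Python sketch of the check Wade describes, where a finding is confirmed from the response content and a baseline request rather than from the 200 status alone. The four server functions, the probe path and the page bodies are constructed stand-ins; `j_security_check` is the standard servlet form-login action.

```python
import difflib
import re
import secrets

# Constructed page bodies (not captured from any real server).
LOGIN_PAGE = ('<html><body><form method="POST" action="j_security_check">'
              '<input name="j_username"><input type="password" name="j_password">'
              '</form></body></html>')
PHPINFO_PAGE = "<html><title>phpinfo()</title><body>PHP Version X</body></html>"
SORRY_PAGE = "<html><body>Sorry, that page is not available.</body></html>"
TARGET = "/cgi-bin/phpinfo.php"  # constructed probe path


def form_auth_server(path):
    """FORM login-config: any protected URL is answered with 200 + login page."""
    if path.startswith("/cgi-bin/"):
        return 200, {}, LOGIN_PAGE
    return 404, {}, "Not Found"


def basic_auth_server(path):
    """BASIC login-config: the client is told to authenticate with a 401."""
    if path.startswith("/cgi-bin/"):
        return 401, {"WWW-Authenticate": 'Basic realm="constructed"'}, ""
    return 404, {}, "Not Found"


def real_php_server(path):
    """A host that really serves the page the scanner is looking for."""
    return (200, {}, PHPINFO_PAGE) if path == TARGET else (404, {}, "Not Found")


def soft_404_server(path):
    """A host that answers every URL with the same friendly 200 page."""
    return 200, {}, SORRY_PAGE


def naive_check(fetch, path):
    """Status-only logic: this is what produces the false positive."""
    return fetch(path)[0] == 200


LOGIN_FORM = re.compile(r"j_security_check|type=[\"']password[\"']", re.I)


def classify(fetch, path, marker):
    """Decide what a 200 actually means before reporting a finding."""
    status, headers, body = fetch(path)
    if status == 401 or "WWW-Authenticate" in headers:
        return "auth-required"
    if status != 200:
        return "absent"
    if LOGIN_FORM.search(body):
        return "login-page"
    # Baseline: a random sibling that cannot exist. If it looks the same
    # as the target, the server answers 200 for anything under this path.
    directory = path.rsplit("/", 1)[0]
    b_status, _, b_body = fetch(f"{directory}/{secrets.token_hex(8)}.html")
    if b_status == 200:
        if difflib.SequenceMatcher(None, body, b_body).ratio() > 0.9:
            return "catch-all"
    return "present" if marker in body else "unconfirmed"


if __name__ == "__main__":
    for server in (form_auth_server, basic_auth_server,
                   real_php_server, soft_404_server):
        print(f"{server.__name__:18} naive={naive_check(server, TARGET)!s:5} "
              f"verified={classify(server, TARGET, 'phpinfo()')}")
```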



Re: PHP Security Vulnerability???

Posted by "Arend P. van der Veen" <ap...@acm.org>.
Martin Gainty wrote:
> Good Evening Aren
> 
> Do you have data on this 'magic_quotes_gpc' vulnerability?
> Thanks for the headsup--
> 
> Martin--
> ----- Original Message -----
> From: "Arend P. van der Veen" <ap...@att.net>
> To: "Tomcat Users List" <us...@tomcat.apache.org>
> Sent: Friday, September 14, 2007 11:14 PM
> Subject: Re: PHP Security Vulnerability???
> 
> 
Hi Martin,

I can supply you a couple of things:

1.  Tomcat access logs showing the Nessus attack that generated the problem.
2.  A detailed description of my configuration that generated the error 
and what I did to fix it.
3.  A sample app that generates the problem.
4.  All of the above.

Please let me know what you want and I will forward it to you.

Thanks,
Arend




Re: PHP Security Vulnerability???

Posted by "Arend P. van der Veen" <ap...@att.net>.
Joseph Millet wrote:
> you must have got a phpinfo() page running somewhere ....
> you can grep your www directory for that one ...
> 
> JJ
> 

Hi,

This turned out to be a false positive.

I use /cgi-bin as a url-pattern for a servlet mapping:

     <servlet-mapping>
         <servlet-name>ProxyServlet</servlet-name>
         <url-pattern>/cgi-bin/*</url-pattern>
     </servlet-mapping>

I essentially was sending references to cgi-bin to apache listening on 
the loopback.  I also set a security-constraint for this url-pattern. 
Finally, I set the login-conf to form based authentication.  When Nessus 
tried to access a URL such as /cgi-bin/phpinfo.pgp it returned an http 
error of 200 even though it did not exist.  Not sure why.  But Nessus 
assumed that the 200 meant that it existed.  When I switched the login 
configuration to basic authentication the problem went away.  This had 
something to do with form based authentication.

I finally found a fix: simply changing the URL binding from 
cgi-bin to xyz.  Now with form based authentication everything works.

Thanks,
Arend



Re: PHP Security Vulnerability???

Posted by Joseph Millet <jo...@gmail.com>.
you must have got a phpinfo() page running somewhere ....
you can grep your www directory for that one ...

JJ


Re: PHP Security Vulnerability???

Posted by "Arend P. van der Veen" <ap...@att.net>.
Wade Chandler wrote:
> Does it give you any paths to this PHP application? I haven't seen anything like it from scanners
> on my server.
> 
> Wade
> 
Hi Wade,

I have tomcat sitting on 127.0.0.1:8080 (http) and 127.0.0.1:8081 
(https) and use ipfw to forward from port 80 and 443 respectively. Could 
this be part of my problem?  I am wondering if this is some kind of false 
positive.  Following is an excerpt from the Nessus Scan Report:

******************************************************************
Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The remote host is running phpSysInfo, a PHP application that parses
the /proc entries on Linux/Unix systems and displays them in HTML.

The installed version of phpSysInfo on the remote host has a design
flaw in its globalization layer such that the script's variables can
be overwritten independent of PHP's 'register_globals' setting. By
exploiting this issue, an attacker may be able to read arbitrary files
on the remote host (if PHP's 'magic_quotes_gpc' setting is off) and
even execute arbitrary PHP code, both subject to the privileges of the
web server user id.

In addition, the application fails to sanitize user-supplied input
before using it in dynamically-generated pages, which can be used to
conduct cross-site scripting and HTTP response splitting attacks.

See also :

http://www.hardened-php.net/advisory_222005.81.html

Solution :

Upgrade to phpSysInfo 2.4.1 or later.

Risk factor :

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
CVE : CVE-2003-0536, CVE-2005-0870, CVE-2005-3347, CVE-2005-3348
BID : 7286, 15396, 15414
Nessus ID : 20215
***********************************************************************

Thanks,
Arend



Re: PHP Security Vulnerability???

Posted by Wade Chandler <hw...@yahoo.com>.
Does it give you any paths to this PHP application? I haven't seen anything like it from scanners
on my server.

Wade
