You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Antony paul <an...@hotmail.com> on 2003/08/11 14:11:14 UTC
[OT] Some one executing windows commands in Tomcat 4.1.18.
Hello,
I have Tomcat standalone running on a local Intranet. The server is
windows 2000 SP2. Today while checking the access log files I found the
following lines
xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 716
xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 710
What does this mean ? Is there any vulnerability in Tomcat or this
combination ?. I have uncommented the invoker servlet in web.xml. Is it
creating the problem ?.
regards
Antony Paul
Re: [OT] Some one executing windows commands in Tomcat 4.1.18.
Posted by Kwok Peng Tuck <pe...@makmal.net>.
It's in the intranet right ? Should be easy to track down :)
Antony paul wrote:
>Hello,
> I have Tomcat standalone running on a local Intranet. The server is
>windows 2000 SP2. Today while checking the access log files I found the
>following lines
>xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
>HTTP/1.0" 404 716
>xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
>HTTP/1.0" 404 710
>
>What does this mean ? Is there any vulnerability in Tomcat or this
>combination ?. I have uncommented the invoker servlet in web.xml. Is it
>creating the problem ?.
>
>regards
>Antony Paul
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>
Re: [OT] Some one executing windows commands in Tomcat 4.1.18.
Posted by Kwok Peng Tuck <pe...@makmal.net>.
It's in the intranet right ? Should be easy to track down :)
Antony paul wrote:
>Hello,
> I have Tomcat standalone running on a local Intranet. The server is
>windows 2000 SP2. Today while checking the access log files I found the
>following lines
>xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
>HTTP/1.0" 404 716
>xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
>HTTP/1.0" 404 710
>
>What does this mean ? Is there any vulnerability in Tomcat or this
>combination ?. I have uncommented the invoker servlet in web.xml. Is it
>creating the problem ?.
>
>regards
>Antony Paul
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
Posted by Steph Richardson <st...@kvasar.com>.
this is just an IIS worm ( Nimda I think ) on someone else's server, sending requests to yours. You can see that all the requests
are returning a 404. Almost everyone sees this at some stage. Don't worry about it.
steph
> -----Original Message-----
> From: Antony paul [mailto:antonypaul24@hotmail.com]
> Sent: Monday, August 11, 2003 8:11 AM
> To: tomcat mail list
> Subject: [OT] Some one executing windows commands in Tomcat 4.1.18.
>
>
> Hello,
> I have Tomcat standalone running on a local Intranet. The server is
> windows 2000 SP2. Today while checking the access log files I found the
> following lines
> xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 716
> xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 710
>
> What does this mean ? Is there any vulnerability in Tomcat or this
> combination ?. I have uncommented the invoker servlet in web.xml. Is it
> creating the problem ?.
>
> regards
> Antony Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: [OT] Some one executing windows commands in Tomcat 4.1.18.
Posted by Steph Richardson <st...@kvasar.com>.
this is just an IIS worm ( Nimda I think ) on someone else's server, sending requests to yours. You can see that all the requests
are returning a 404. Almost everyone sees this at some stage. Don't worry about it.
steph
> -----Original Message-----
> From: Antony paul [mailto:antonypaul24@hotmail.com]
> Sent: Monday, August 11, 2003 8:11 AM
> To: tomcat mail list
> Subject: [OT] Some one executing windows commands in Tomcat 4.1.18.
>
>
> Hello,
> I have Tomcat standalone running on a local Intranet. The server is
> windows 2000 SP2. Today while checking the access log files I found the
> following lines
> xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
> HTTP/1.0" 404 716
> xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
> HTTP/1.0" 404 710
>
> What does this mean ? Is there any vulnerability in Tomcat or this
> combination ?. I have uncommented the invoker servlet in web.xml. Is it
> creating the problem ?.
>
> regards
> Antony Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>