https://issues.apache.org/bugzilla/show_bug.cgi?id=55372

            Bug ID: 55372
           Summary: Bind JPDA_ADDRESS by default to localhost
           Product: Tomcat 8
           Version: 8.0.0-RC1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: 1983-01...@gmx.net

The default setting of JPDA_ADDRESS=8000 poses some security risk. In many
corporate environments daily or weekly security scans are normal.

People, like me, sometimes forget to shut down Tomcat in debug mode. Port 8000
is open to anyone.

Default JPDA_ADDRESS should be changed to localhost:8000 to minimize security
scan reports and possible VM hijacks.

Since this is a breaking change, this can be done for Tomcat 8.

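A check for the exposure described in this report, as an added example that is not part of the original report or of Tomcat: it reads `ss -ltn` output and lists listeners on the debug port that are bound to anything other than loopback. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tomcat code). Flags TCP listeners on the JPDA debug port
# that are reachable from other hosts, given `ss -ltn` style output on stdin.
# Live use on a Linux host:  ss -ltn | check_jpda 8000

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     0.0.0.0:8000        0.0.0.0:*
LISTEN 0      50     127.0.0.1:8005      0.0.0.0:*
LISTEN 0      100    *:8080              *:*
LISTEN 0      50     [::1]:8000          [::]:*'

# exposed_jpda PORT
# Prints every local address listening on PORT that is not a loopback address.
exposed_jpda() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            # The port is the text after the last colon (IPv6 hosts contain colons).
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            # Loopback binds (127.0.0.0/8, ::1, IPv4-mapped 127.x) are not exposed.
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            if (host ~ /^\[::ffff:127\./) next
            print addr
        }'
}

# check_jpda PORT
# Returns 0 when PORT is closed or loopback-only, 1 (with a message) otherwise.
check_jpda() {
    found=$(exposed_jpda "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf 'JPDA port %s reachable beyond loopback: %s\n' "$1" "$found"
    return 1
}
```

With the change requested in this report (JPDA_ADDRESS=localhost:8000), only a loopback listener remains and `check_jpda 8000` returns 0.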