Sorry, one more note of use:
The manager username / password is set in: tomcat/conf/tomcat-users.xml
--
View this message in context:
http://www.nabble.com/Possible-hack-tool-kit-on-tomcat-6.0.16-tp18928896p19811097.html
Sent from the Tomcat - User mailing list archive at Nabble.com
.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Possible-hack-tool
ic547 wrote:
I have encountered this in September 2008. Here is what I have found:
1) There are several variants such as: fexcep OR fexcepkillshell OR
fexcepshell OR fexcepspshell OR fexception OR fexshell OR fexsshell
2) It appears to be distributed using an automated scanner that
I just came across 2 war files within tomcat6.0/webapps folder:
fexcep.war and safe2.war. Both applications were deployed.
I was watching the thread Possible virus uploaded to Tomcat 5.5.3 very
closely so the presence of these files alerted me.
Like the original thread nobody has access to the
Mehrotra, Anurag wrote:
Could there be some kind of backdoor entry happening in the code.
Unlikely. This is the sixth report like this I have seen. So far, we have
got to the bottom of two and in both cases the manager app was the route in.
Whilst a Tomcat flaw is possible (and check out