Today I noticed in my access log file, for the first time, what looks like an attempt to exploit a security vulnerability in Tomcat. I've seen thousands of attempted exploits against software that I'm not even running (IIS, SQL Server, PHP) but this is the first one I've seen directed at Tomcat specifically.
I thought I'd mention it because it's unusual, and also to remind people to make sure that webapps that aren't needed are undeployed, and ones not meant for public use are blocked from the internet. That includes manager, host-manager, webdav, balancer, and the example webapps. And, of course, keep up to date with security fixes.

The request in question was for the page "/manager/html". Here's how I know it wasn't legitimate:

- There were no other requests from that IP, i.e. they didn't look at any actual web pages on my site.
- The request had no User-Agent. That's a common feature of exploit attempts, according to my logs.
- There have been a couple of XSS vulnerabilities reported recently in the Manager webapp. I guess if the request for /manager/html had returned something it would have been followed by an exploit for one of these vulnerabilities.

Finally, don't be alarmed. I don't recall hearing about a *successful* exploit against a Tomcat server. So don't worry, be happy. :-)

-- Len
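As an added illustration (not part of Len's post or of Tomcat itself), the following Python script applies the three heuristics from the post to constructed Tomcat access log lines in the "combined" pattern (IP, timestamp, request line, status, size, referer, User-Agent); the sample addresses, timestamps and the list of admin webapp prefixes are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Tomcat's combined access log pattern (not from the post).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2008:09:12:01 +0000] "GET /manager/html HTTP/1.1" 404 - "-" "-"
198.51.100.4 - - [10/Nov/2008:09:13:44 +0000] "GET /index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Nov/2008:09:13:45 +0000] "GET /about.jsp HTTP/1.1" 200 2048 "http://example.org/index.jsp" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2008:09:20:00 +0000] "GET /host-manager/html HTTP/1.1" 404 - "-" "curl/7.19"
"""

# One combined-format line: ip ident user [ts] "METHOD path PROTO" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Webapps the post says should be undeployed or blocked from the internet (assumed paths).
ADMIN_PREFIXES = ("/manager/", "/host-manager/", "/webdav/", "/balancer/", "/examples/")


def parse_log(text):
    """Return one dict per parseable log line; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_requests(entries):
    """Flag requests that match at least two of the post's heuristics:
    an admin/example webapp path, an empty User-Agent, and an IP that made no other request."""
    per_ip = Counter(e["ip"] for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if e["path"].startswith(ADMIN_PREFIXES):
            reasons.append("admin-webapp path")
        if e["ua"] in ("", "-"):
            reasons.append("no User-Agent")
        if per_ip[e["ip"]] == 1:
            reasons.append("only request from this IP")
        if len(reasons) >= 2:
            findings.append((e["ip"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for ip, path, reasons in suspicious_requests(parse_log(SAMPLE_LOG)):
        print(f"{ip} {path}: {', '.join(reasons)}")
```

Run against a real access log by replacing SAMPLE_LOG with the file contents; the probe for /manager/html with no User-Agent and no other traffic from that address is exactly the pattern Len describes.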