> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> <tents fingers>The internal IP address of the server is ...
> 192.168.1.100! Nobody would have ever guessed that!
> Excellent! Now I can
> take over the world! Muahahaha!</tents fingers>
*Chuckle* Chris, all you need now is the white cat and the secret base in the
garden shed.
You might not be able to take over the world, but you might be able to take
over the server more easily if you can crack something else on the same
internal network. The OP's correct that it's an information disclosure
vulnerability, though I'm not sure whether it's present in Tomcat's error
pages. Certainly if you're going through the checklist of "generic" vuls so
that you can demonstrate your installation is hardened against those attacks,
it's fair to ask whether Tomcat's susceptible.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
