David Tyler wrote:
> Given the widespread and increasing nature of this exploit, I think it would
> be prudent of the tomcat devs to alter the default installation to disable
> the tomcat manager by default or otherwise somehow require a non-default
> password to be set. True, this is not a bug
There are increasing reports starting in July of 2008 and rising through August
and September of an active exploit involving the default credentials for the
tomcat manager app (not version specific).
I am writing to suggest the the tomcat devs take some simple steps to help
prevent novice user
