2016-03-07 17:52 GMT+01:00 Mark Thomas:
> On 05/03/2016 18:36, Mark Thomas wrote:
> > On 05/03/2016 17:08, Christopher Schultz wrote:
> >
> >>> First of all we could add the remote address valve and limit access to
> >>> localhost by default. That will limit some remote attacks but possibly
> >>>
On 05/03/2016 18:36, Mark Thomas wrote:
> On 05/03/2016 17:08, Christopher Schultz wrote:
>
>>> First of all we could add the remote address valve and limit access to
>>> localhost by default. That will limit some remote attacks but possibly
>>> not all depending on reverse proxy configurations
>>
On 05/03/2016 17:08, Christopher Schultz wrote:
>> First of all we could add the remote address valve and limit access to
>> localhost by default. That will limit some remote attacks but possibly
>> not all depending on reverse proxy configurations
>
> I was thinking about this as well. It would
Mark,
On 3/3/16 3:35 PM, Mark Thomas wrote:
> On 03/03/2016 15:36, Christopher Schultz wrote:
>> Dylan,
>>
>> This might be a better discussion for the users' list, but I'll keep it
>> on dev for the time being.
>>
>> On 2/28/16 2:28 PM, Dylan Ayrey wrote:
>>> I'm a security analyst at a company n
On 3/03/2016 16:36, Christopher Schultz wrote:
> 2. Many people use OS-package-managed versions of Tomcat, and we have no
> control over what goes on, there. Whatever we may do may be undone by
> the package manager(s).
FWIW I'm in a position to change the packaging of Tomcat in Debian (and
in
On 03/03/2016 15:36, Christopher Schultz wrote:
> Dylan,
>
> This might be a better discussion for the users' list, but I'll keep it
> on dev for the time being.
>
> On 2/28/16 2:28 PM, Dylan Ayrey wrote:
>> I'm a security analyst at a company named Praetorian. When doing internal
>> network pent
Dylan,
This might be a better discussion for the users' list, but I'll keep it
on dev for the time being.
On 2/28/16 2:28 PM, Dylan Ayrey wrote:
> I'm a security analyst at a company named Praetorian. When doing internal
> network pentesting it is extremely common to find Tomcat instances with
>
To whom it may concern,
I'm a security analyst at a company named Praetorian. When doing internal
network pentesting it is extremely common to find Tomcat instances with
manager portals, and users added to the manager role with the credentials
on line 35 of this file
*http://svn.apache.org/repos/a