I do not believe that files under the WEB-INF directory can be directly
referred to by the browser. You applet class (usually it is served as a .jar
file) must not be under WEB-INF. Maybe the catalina.policy file can change
this - but I don't think so.
-Original Message-
From: wolverine my
Others with more experience with the manager's inner workings can chime
in, but I don't think it can execute commands on the system -- at least
not with the default build from Apache. It's magic occurs entirely via
java code.
Some other vectors of possible attack include the CGI library if it
Hi everyone,
Stop me if you've heard this one before. No seriously, stop me because I've
had this problem for over a week now, and need to get it solved. Any
suggestions would be appreciated.
I am running a servlet-based application on Tomcat 4.1.27 together with Apache
2.0.51 on RH FC2, u
I would assume a compromised password as well, but am I fair in assuming
that the breakin was via a manager login.
The odd thing(in my mind at least) was that a shell was executed as a child
process of tomcat and then the port scanner
under that... but I dont see any new web-apps being installed
Well I did a little digging...I couldn't find any error messages but I did
realize an important clue. All of my JSPs that I try to load have calls to a
java class I've written, if I goto a JSP that doesn't have any calls to my
Java classes then presto...it loads without problem. In addition, it
Hi!
I'm trying to deploy a web application which also contain an applet.
Here are the files,
webapp/dummyapp/index.html
webapp/dummyapp/WEB-INF/classes/DummyApplet.class
webapp/dummyapp/WEB-INF/lib/commons-collections.jar
assuming that index.html will load the Java applet DummyApplet and
t
Hi!
http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.html
described how to start Tomcat with a SecurityManager, e.g.
%CATALINA_HOME%\bin\catalina start -security (Windows)
But how should we specify the -security when the Tomcat is started in
Window service?
I don't find any option
Tom Miller wrote:
> How can I tell struts-config.xml to forward to a link?
> I wanted struts-config.xml to go to this site after it done.
You will likely have better luck asking this on the struts users list.
Mark
-
To start a n
How can I tell struts-config.xml to forward to a link?
I wanted struts-config.xml to go to this site after it done.
http://www.cisco.com
What is the correct syntax to use when one wanted to have an
action to goto within the struts-config.xml?
I am running tomcat 5.0.7
Thanks much,
Tom
It's possible (anything is possible), but not likely with a default
install. I would look at all the services running on that server. If
you focus on your tomcat server to the detriment of other services, you
will miss critical forensic evidence. The tomcat user account may have
just had a w
I had an incident on my server the other day where someone had succesfully
broken into the server to execute a port scanner.
The port scanner was running under the tomcat process so I assume the
breakin was done by getting through the Tomcat manager app.
At first I feared that I had made a blun
I have already defined two workers (node1 and node2). Pls see the
workers.properties file from my email.
Thanks
Sanjeev
From: Wiley Snyder [mailto:[EMAIL PROTECTED]
Sent: Sat 6/10/2006 12:07 AM
To: Tomcat Users List
Subject: Re: Apache mod_jk JBoss Loadbalanci
12 matches
Mail list logo
