ic547 wrote:
> I have encountered this in September 2008. Here is what I have found:
>
> 1) There are several variants such as: fexcep OR fexcepkillshell OR
> fexcepshell OR fexcepspshell OR fexception OR fexshell OR fexsshell
>
> 2) It appears to be distributed using an automated scanner that
Sorry, one more note of use:
The manager username / password is set in: tomcat/conf/tomcat-users.xml
--
View this message in context:
http://www.nabble.com/Possible-hack-tool-kit-on-tomcat-6.0.16-tp18928896p19811097.html
Sent from the Tomcat - User mailing list archive at Nabble.com
opic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
View this message in context:
http://www.nabble.com/Possible-hack-tool-kit-on-tomcat-6.0.16-tp18928896p19811090.html
Sent from the Tomcat - User mailing
Mehrotra, Anurag wrote:
Could there be some kind of backdoor entry happening in the code.
Unlikely. This is the sixth report like this I have seen. So far, we have
got to the bottom of two and in both cases the manager app was the route in.
Whilst a Tomcat flaw is possible (and check out CVE
I just came across 2 war files within tomcat6.0/webapps folder:
fexcep.war and safe2.war. Both applications were deployed.
I was watching the thread "Possible virus uploaded to Tomcat 5.5.3" very
closely so the presence of these files alerted me.
Like the original thread nobody has access to the
