Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Tomcat Users »

[OT] Some one executing windows commands in Tomcat 4.1.18.

Antony

2003-08-11

Replies:

Hello,
  I have Tomcat standalone running on a local Intranet. The server is
windows 2000 SP2. Today while checking the access log files I found the
following lines
xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 716
xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 710

What does this mean ? Is there any vulnerability in Tomcat or this
combination ?. I have uncommented the invoker servlet in web.xml. Is it
creating the problem ?.

regards
Antony Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)


©2008 junlu.com - Jax Systems, LLC, U.S.A.