Bugtraq mailing list archives
Jakarta-tomcat.../admin
From: smorris () GRIDNET COM (Scott Morris)
Date: Fri, 21 Jul 2000 09:47:00 -0400
Summary:
Jakarta Tomcat contains a security bug that can compromise UNIX servers running Tomcat as root. Tomcat can be used together with the Apache web server or as a stand-alone server for Java Servlets as well as Java Servlet Pages.

Problem:
The default install of Tomcat contains a mounted context ( /admin ) that contains servlets that can be used to add, delete, or view context information about the Tomcat Server. Under UNIX, the root directory can be added as a context, and if the server is running as root, all files on the system can be viewed over the web.

Possible Solution:
1) Do not run the Tomcat server as root
2) Restrict access to the /admin context or remove it completely.

Scott Morris
UNIX Admin
Gridnet International
Key Fingerprint: 814E 7771 6EA9 6C94 B1C9 09C6 D86E 755E A0A9 1B67
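The two mitigations in the post can be checked mechanically. The following audit sketch is an added example, not part of the original message or of Tomcat itself. It assumes contexts are declared as `<Context path="..." docBase="...">` elements in an XML configuration file; the sample configuration and the `audit_contexts` helper are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from a real server). The
# <Context path=... docBase=...> layout is an assumption about the config file.
SAMPLE_SERVER_XML = """
<Server>
  <ContextManager>
    <Context path="/examples" docBase="webapps/examples"/>
    <Context path="/admin" docBase="webapps/admin"/>
    <Context path="/files" docBase="/"/>
  </ContextManager>
</Server>
"""

def audit_contexts(xml_text, running_uid):
    """Return (context path, finding) tuples for the risks named in the post."""
    findings = []
    as_root = running_uid == 0
    for ctx in ET.fromstring(xml_text).iter("Context"):
        path = ctx.get("path", "")
        doc_base = ctx.get("docBase", "")
        # Mitigation 2: the /admin context should be restricted or removed.
        if path.rstrip("/") == "/admin":
            findings.append((path, "admin context is mounted; restrict or remove it"))
        # A docBase that normalises to "/" serves the whole filesystem.
        if os.path.isabs(doc_base) and os.path.normpath(doc_base) == "/":
            msg = "docBase is the filesystem root"
            if as_root:
                msg += "; server runs as root, so every file is readable"
            findings.append((path, msg))
    # Mitigation 1: the server should not run as root.
    if as_root:
        findings.append(("*", "server process runs as root"))
    return findings

if __name__ == "__main__":
    # uid 0 is passed explicitly so the sample output does not depend on the caller.
    for path, finding in audit_contexts(SAMPLE_SERVER_XML, running_uid=0):
        print(f"{path}: {finding}")
```

On a live host, pass the uid of the servlet container's process rather than a fixed value.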