This place uses Tomcat, right?



sal
25-09-2002, 10:58 PM
if it does then....there's a security issue....what's ur email address (moderator)

grtz sal.
nz

sal
25-09-2002, 11:04 PM
argh, i want to post it up here, it's a new one (if you already knew of others, lol) but from what i can tell, it's not very dangerous

can i post it up, can i? :D

grtz sal.
nz

-=JM=-
25-09-2002, 11:31 PM
Server: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b

Would be what they are using. But yes I have seen Tomcat mentioned here at times.

sal
25-09-2002, 11:36 PM
Apache Tomcat/4.0.3

yep, they do

Tomcat is the free open source Java server, http://jakarta.apache.org/tomcat/.

Mike
25-09-2002, 11:39 PM
It was mentioned in (I think) tweak'es news post yesterday. I was wondering if that might be causing some of the problems around here lately :) unlikely I guess...

Mike.

sal
25-09-2002, 11:41 PM
oh, i'm tired, i had a look at the repercussions of posting up the vulnerability, and could see no problems arise from it, so here goes

Tomcat is vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet.

Let's say you have a valid URL like http://pressf1.co.nz/login.jsp, then a URL like http://pressf1.co.nz/servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp will give you the source code of the JSP page.

although i don't really see what's so great about seeing the source code of a jive forum :p

grtz sal.
nz
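
A defender's view of the request pattern described in the post above, as an added example that is not part of the original thread: a log check that flags requests for JSP files routed through the DefaultServlet path. The log lines, client addresses and the list of source extensions are constructed assumptions; the servlet class and `/servlet/` prefix come from the post's URL.

```python
import re
from urllib.parse import unquote, urlsplit

# Class name and /servlet/ prefix are taken from the post's example URL.
MARKER = "/servlet/org.apache.catalina.servlets.DefaultServlet/"
SOURCE_EXTS = (".jsp", ".jspx", ".jspf")  # assumption: extensions treated as source

# Common Log Format: client ... "METHOD target HTTP/x.y" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2003:10:00:07 +0000] "GET /login.jsp HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jan/2003:10:01:19 +0000] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp HTTP/1.0" 200 2212
192.0.2.44 - - [01/Jan/2003:10:01:31 +0000] "GET /servlet/org.apache.catalina.servlets.%44efaultServlet/index.JSP;x=1?a=b HTTP/1.0" 404 310
192.0.2.10 - - [01/Jan/2003:10:02:02 +0000] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/logo.gif HTTP/1.0" 200 900
"""

def normalize(target):
    """Return the request path with query, %-encoding, ;params and // removed."""
    path = urlsplit(target).path
    for _ in range(3):                      # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    parts = [seg.split(";", 1)[0] for seg in path.split("/")]
    return "/" + "/".join(p for p in parts if p)

def scan(log_text):
    """Return (client, verdict, resource) for source files requested via DefaultServlet."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # MARKER may follow a webapp context path, so search rather than prefix-match.
        _, found, resource = normalize(m["target"]).partition(MARKER)
        if not found or not resource.lower().endswith(SOURCE_EXTS):
            continue
        verdict = "served" if m["status"] == "200" else "attempt"
        hits.append((m["client"], verdict, "/" + resource))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "served" verdict means the server answered 200 for that path, so the file it names should be treated as disclosed and reviewed for embedded credentials.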

Mike
25-09-2002, 11:44 PM
ah interesting :)

don't think it is the same as the one in the news post

Mike.

sal
26-09-2002, 12:06 AM
whoa, i'm obviously tired judging from my last post's typos, and maybe my judgement in posting up the vulnerability, although i don't really know much stuff about that side of things ;), but i guess seeing as i mentioned it, it wouldn't be long before the 'story got out', lolz, nite :D

grtz sal.
tga