Reply to Kevin Brake<mailto:kevin.br...@goodyearaz.gov>
Tomcat 8.5.32 JVM 1.8.0_181-b13 Windows Server 2016 amd64 We had stopped a webapp via Manager in February. Over July 4th the webapp started and ran for several days before it was discovered. There was a windows restart at that time in connection with windows updates. Searching the logs also revealed potential CSRF attacks both on other webapps that were supposed to be running as well as the one which restarted. There was no activity for this webapp restart recorded in the manager log. I have searched known tomcat issues, general web, internal logs for the web server. We are trying to determine how the webapp could have possibly started. Has anyone heard of an issue where a stopped webapp can change state and run because of an operating system restart? Could a successful CSRF attack set conditions for the webapp to start either by a windows restart or a direct start? Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10 All messages created in this system belong to the City of Goodyear and should be considered a public record subject to disclosure under Arizona Public Records Law (A.R.S. 39-121). City employees, City public officials, and those who generate E-mail to them, should have no expectation of privacy related to the use of this technology. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
