Can someone show in a step by step way for standalone tomcat:
1. how to show that a DELETE vulnerability exists in tomcat using a telnet
session for a sample file, let's say index.html
2. how to block the vulnerability by modifying web.xml
3. what telnet will show once the vulnerability has
is deny
all, instead of <role-name/> which is deny to all but the blank role).
Since you are forbidding all access, you could also drop the
user-data-constraint on the second one (since with it, TC will first
redirect a PUT to SSL, and then deny it).
Ted Anagnost [EMAIL PROTECTED] wrote in message
Is there a way to prevent PUT or DELETE http methods if you're not using
container managed security? If so, how?
I already have this to force the use of https:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
http://localhost/ works
http://127.0.0.1/ works
http://192.168.1.100/mysite/ works (192.168.1.100 is my internal IP)
http://192.168.1.100/ displays a BLANK PAGE
1. Why does it display a blank page when using http://192.168.1.100/
2. What is the proper way to make all of these redirect to
Yes
- Original Message -
From: Mark Benussi [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 1:34 AM
Subject: RE: Blank Page when using http://192.168.1.100/
Are you using a router?
Original Message Follows
From: Ted Anagnost [EMAIL PROTECTED]
Reply
Message-
From: Ted Anagnost [mailto:[EMAIL PROTECTED]
Sent: 24 March 2004 08:58
To: Tomcat Users List
Subject: Re: http://localhost/ works but http://ip address/ doesn't
Hello Doug,
Last thing first. I did find you can set the IP with address=??? in the
server.xml. Check for this. Unless you have a specific need to, you can
remove it.
It's not there. Another thing is I tried to ping the computer again from a
different external computer
and got back no
filter on an IP.
Doug
www.parsonstechnical.com
- Original Message -
From: Ted Anagnost [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 19, 2004 3:36 AM
Subject: http://localhost/ works but http://ip address/ doesn't
http://localhost/ works but http://ip address/ doesn't. Internet Explorer
gives a Cannot find server message.
I have tomcat 5.0.18 (without apache).
I can ping my IP externally. I have port forwarding enabled on my router.
Is there something I need to do to server.xml to enable this to