There is someone from xx.xx.xx.xx trying to use an IIS vulnerability. If it's realy intranet your admin should have a look at the offending pc if it is infected by a virus. (Not shure out of the head if this is nimda, code red or what else)
This vulnerability is not affecting tomcat. > -----Original Message----- > From: Antony paul [mailto:[EMAIL PROTECTED] > Sent: Monday, August 11, 2003 2:11 PM > To: tomcat mail list > Subject: [OT] Some one executing windows commands in Tomcat 4.1.18. > > > I have Tomcat standalone running on a local Intranet. The > server is > windows 2000 SP2. Today while checking the access log files I > found the following lines > xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET > /scripts/root.exe?/c+dir --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
