That 404 means they got a page not found error. This is just some script kiddie looking for problems. I wouldn't worry about it. If you want to creat a servlet mapping that grabs these requests and then pipes them off into the lala land of the never-ending-connection, please do. It would help reduce their effect on the rest of the net. --Angus
> -----Original Message----- > From: Antony paul [mailto:[EMAIL PROTECTED] > Sent: Monday, August 11, 2003 8:11 AM > To: tomcat mail list > Subject: [OT] Some one executing windows commands in Tomcat 4.1.18. > > > Hello, > I have Tomcat standalone running on a local Intranet. The > server is > windows 2000 SP2. Today while checking the access log files I > found the > following lines > xx.xx.xx.xx - - [11/Aug/2003:09:47:38 5050] "GET > /scripts/root.exe?/c+dir > HTTP/1.0" 404 716 > xx.xx.xx.xx - - [11/Aug/2003:09:47:43 5050] "GET > /MSADC/root.exe?/c+dir > HTTP/1.0" 404 710 > > What does this mean ? Is there any vulnerability in Tomcat or this > combination ?. I have uncommented the invoker servlet in > web.xml. Is it > creating the problem ?. > > regards > Antony Paul > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
