Hi;
My company is running a jsp site on IIS 5 with windows 2000, and all of the security patches. We discovered that if we use tomcat or jrun 2.3.3 with IIS that that we have to set up the tomcat ( or jrun ) directories as virtual directories ___with execute permissions turned on__. This got us hacked into. I don't understand how. It has something to do with how IIS handles malformed urls leaving IIS open to attacks if directories associated with a web site have execute permissions granted. Does Apache have a similar vulnerability? Steve Russell Web Developer III
|
- RE: Warning: Security Hole With IIS & Tomcat Russell, Steve
- RE: Warning: Security Hole With IIS & Tomcat Randy Layman
- RE: Warning: Security Hole With IIS & Tomcat Russell, Steve
- RE: Warning: Security Hole With IIS & Tomcat Michael Wentzel
- RE: Warning: Security Hole With IIS & Tomcat Randy Layman