apache and tomcat aren't vulnerable, but putting up a firewall to block the IP might be a good idea. For my own server I zone alarm pro, which will block IP trying this exact type of exploit.
peter Laura wrote: > > Hi all, > > well I have, in my opinion, a very interesting question. > > Last week we went in a production enviroment: we have apache + tomcat with an >important web application xxx (http.conf has JkMount /xxx worker). > > Well, this morning I have discovered that somebody has tried to attack my server: in >the Apache error log I have found calls as >/scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/....., and so on. > > My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system >secure? ( my machine is a solaris 8). > > Thanks > > Laura -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
