Leonardo,

On 4/30/14, 12:48 PM, Leonardo Santagostini wrote:
> I'm uploading my logfiles so it will be available when finished
> uploading.

Remember to get a thread dump while Runtime.exec() is running.

You should copy the script /tmp/4.sh somewhere else so you have a copy
in case the attacker tries to clean up after themselves. That's
certainly what's doing the evil work.

You could probably set up iptables or something to restrict outgoing
requests so that the attack can't progress across your network.

> Regarding the configuration, it's working in two other sites
> without problem, and there is no problem putting L4 balancing with
> haproxy.
> 
> I have asked developers about that exploit, still without answer.

You appear to be using struts2 2.1.8, which is in the range of
versions vulnerable to this bug. There is a workaround that you can
probably apply:
http://struts.apache.org/release/2.3.x/docs/s2-021.html (see the last
section on this page).

Of course, the vulnerability doesn't allow you to simply inject code
or anything like that: you can certainly mess around with code that is
already available on the site, though.

-chris
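The outbound restriction suggested in the reply above, as an added example that is not part of the original message: a function that prints iptables-restore rules confining new outbound IPv4 connections from the account Tomcat runs as. The account name `tomcat`, the chain name `TOMCAT_EGRESS` and the backend `10.0.0.5:5432` are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables-restore input that confines outbound IPv4
# traffic from the account Tomcat runs as. Account name, chain name and the
# backend address used below are constructed placeholders, not thread values.

# egress_rules USER [IP:PORT ...]  -- prints rules only, applies nothing.
egress_rules() {
    [ $# -ge 1 ] || { echo "usage: egress_rules USER [IP:PORT ...]" >&2; return 1; }
    local user="$1" chain=TOMCAT_EGRESS dest ip port
    shift
    # Validate everything first so no partial or injected rule text is emitted.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    for dest in "$@"; do
        ip=${dest%:*}; port=${dest##*:}
        case $ip in ''|*[!0-9.]*) echo "bad destination: $dest" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad destination: $dest" >&2; return 1 ;; esac
    done

    echo "*filter"
    echo ":$chain - [0:0]"
    # Only packets from sockets owned by $user are sent through the chain.
    echo "-A OUTPUT -m owner --uid-owner $user -j $chain"
    # Responses on connections that clients opened to Tomcat keep flowing.
    echo "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    echo "-A $chain -o lo -j RETURN"
    # New outbound connections are allowed only to the listed backends.
    for dest in "$@"; do
        echo "-A $chain -d ${dest%:*}/32 -p tcp --dport ${dest##*:} -m conntrack --ctstate NEW -j RETURN"
    done
    # Everything else (for example a dropped script reaching out to other
    # hosts) is logged at a limited rate and refused.
    echo "-A $chain -m limit --limit 6/min -j LOG --log-prefix \"tomcat-egress: \""
    echo "-A $chain -j REJECT"
    echo "COMMIT"
}

# Review the output, then apply as root:
#   egress_rules tomcat 10.0.0.5:5432 | iptables-restore --noflush
```

The ESTABLISHED rule also lets connections that were already open when the rules were loaded continue, so check for those separately. Loading the output a second time appends a duplicate jump in OUTPUT, and IPv6 needs the same rules through ip6tables-restore.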