On 11/07/2019 19:30, Kevin Brake wrote:
> Tomcat 8.5.32    JVM 1.8.0_181-b13         Windows Server 2016     amd64
> 
> We had stopped a webapp via Manager in February. Over July 4th the webapp 
> started and ran for several days before it was discovered.
> There was a Windows restart at that time in connection with Windows updates. 
> Searching the logs also revealed potential CSRF attacks both on other webapps 
> that were supposed to be running as well as the one which restarted. There 
> was no activity for this webapp restart recorded in the manager log.
> 
> I have searched known Tomcat issues, general web, internal logs for the web 
> server.
> 
> We are trying to determine how the webapp could have possibly started. Has 
> anyone heard of an issue where a stopped webapp can change state and run 
> because of an operating system restart?

http://tomcat.apache.org/tomcat-9.0-doc/config/host.html

deployOnStartup

> Could a successful CSRF attack set conditions for the webapp to start either 
> by a Windows restart or a direct start?

That would depend on the capabilities of the web applications and what
requests were forged.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
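
An added example, not part of the original thread: a small audit of the `deployOnStartup` setting Mark points to, listing what each `<Host>` would deploy from its `appBase` and context-descriptor directory when Tomcat starts. It relies on the documented defaults (`deployOnStartup` and `autoDeploy` true, `appBase` of `webapps`), does not cover `<Context>` elements declared directly in `server.xml`, and runs against a constructed directory layout with made-up app names.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def _flag(host, name):
    # deployOnStartup and autoDeploy both default to true when the attribute is absent.
    return host.get(name, "true").strip().lower() == "true"

def _apps_in(path, suffix=None):
    # Base names of sub-directories, or of files ending in `suffix`, under `path`.
    found = set()
    for entry in (os.listdir(path) if os.path.isdir(path) else []):
        if suffix and entry.lower().endswith(suffix):
            found.add(entry[: -len(suffix)])
        elif suffix is None and os.path.isdir(os.path.join(path, entry)):
            found.add(entry)
    return found

def audit_hosts(catalina_base):
    """Per <Host>: effective deploy flags and the apps Tomcat would find at startup."""
    root = ET.parse(os.path.join(catalina_base, "conf", "server.xml")).getroot()
    report = []
    for engine in root.iter("Engine"):
        for host in engine.findall("Host"):
            name = host.get("name", "")
            app_base = os.path.join(catalina_base, host.get("appBase", "webapps"))
            xml_dir = host.get("xmlBase", os.path.join("conf", engine.get("name", ""), name))
            xml_base = os.path.join(catalina_base, xml_dir)
            apps = _apps_in(app_base) | _apps_in(app_base, ".war") | _apps_in(xml_base, ".xml")
            on_start = _flag(host, "deployOnStartup")
            report.append({"host": name, "deployOnStartup": on_start,
                           "autoDeploy": _flag(host, "autoDeploy"),
                           "starts_on_restart": sorted(apps) if on_start else []})
    return report

def demo():
    # Constructed CATALINA_BASE: one Host on defaults, one with deployment switched off.
    base = tempfile.mkdtemp()
    for d in ("conf/Catalina/localhost", "webapps/payroll", "locked/webapps/intranet"):
        os.makedirs(os.path.join(base, *d.split("/")))
    for f in ("webapps/reports.war", "conf/Catalina/localhost/legacy.xml"):
        open(os.path.join(base, *f.split("/")), "w").close()
    with open(os.path.join(base, "conf", "server.xml"), "w") as fh:
        fh.write('<Server><Service name="Catalina"><Engine name="Catalina">'
                 '<Host name="localhost"/><Host name="locked" appBase="locked/webapps" '
                 'deployOnStartup="false" autoDeploy="false"/></Engine></Service></Server>')
    return audit_hosts(base)

if __name__ == "__main__":
    print(demo())
```

To audit a real instance, call `audit_hosts()` with the path of its `CATALINA_BASE` directory.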
