> From: Warren Bell [mailto:[EMAIL PROTECTED]
[details of attack elided]
> The network that the server is on has a Linksys RV082 small business
> router with the firewall completely locked down except for port 8080
> available only to the networks with the kiosks. The kiosks are on a
> basic Linksys home router.

That's a nice little JSP - once it's on the system, the attacker can do 
anything they like that's allowed by the outbound firewall, with the privilege 
of the user running Tomcat.  I assume the server can connect freely to other 
URLs, such as wherever it pulled init.exe from?  So the problem reduces to how 
someone managed to drop that JSP into 5.5.3 such that it could be invoked once?

                - Peter
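A defensive check for the reduced problem described above (an unexpected JSP that has been dropped into a Tomcat webapps tree), added here as an example and not code from this thread or from Tomcat: it walks a webapps directory and reports JSPs that match hypothetical indicator patterns (process execution, outbound fetches, file writes) or that were modified after a given time. The directory layout, indicator regexes and sample tree are constructed assumptions.

```python
import os
import re
import tempfile
from datetime import datetime

# Hypothetical review heuristics for a JSP that should not be on the server.
# Not an exhaustive signature set; hits are leads for a human to inspect.
INDICATORS = {
    "process-exec": re.compile(r"Runtime\.getRuntime\(\)\.exec|ProcessBuilder\("),
    "outbound-fetch": re.compile(r"new\s+URL\(|openConnection\(|openStream\("),
    "file-write": re.compile(r"FileOutputStream\(|Files\.write\("),
}

def inspect_jsp(path):
    """Return the list of indicator names that match one JSP file."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        src = fh.read()
    return [name for name, rx in INDICATORS.items() if rx.search(src)]

def scan_webapps(webapps_dir, newer_than=None):
    """Walk a Tomcat webapps directory and report suspicious or recent JSPs.

    newer_than: optional epoch seconds; JSPs modified after it are reported
    even with no indicator hit, since an unexpected new file is itself a lead.
    """
    findings = []
    for root, _dirs, files in os.walk(webapps_dir):
        for name in files:
            if not name.lower().endswith((".jsp", ".jspx")):
                continue
            path = os.path.join(root, name)
            hits = inspect_jsp(path)
            mtime = os.path.getmtime(path)
            recent = newer_than is not None and mtime > newer_than
            if hits or recent:
                findings.append({
                    "path": os.path.relpath(path, webapps_dir),
                    "indicators": hits,
                    "modified": datetime.fromtimestamp(mtime).isoformat(timespec="seconds"),
                    "recent": recent,
                })
    return findings

def build_sample_tree():
    """Constructed webapps tree: one benign JSP and one file holding indicator tokens."""
    base = tempfile.mkdtemp(prefix="webapps-")
    app = os.path.join(base, "kiosk")
    os.makedirs(app)
    with open(os.path.join(app, "index.jsp"), "w") as fh:
        fh.write('<html><body><%= "Welcome" %></body></html>\n')
    with open(os.path.join(app, "x.jsp"), "w") as fh:  # constructed; tokens only, not a working page
        fh.write("<%-- constructed sample --%>\n"
                 "<% /* Runtime.getRuntime().exec(...); new URL(...).openStream(); */ %>\n")
    return base

if __name__ == "__main__":
    for finding in scan_webapps(build_sample_tree()):
        print(finding)
```

Run it against a real `webapps` directory with `newer_than` set to the last known-good deployment time to list anything that appeared afterwards.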

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
