[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory issue .Please mask if
From:       Kiran Badi <kiran () poonam ! org>
Date:       2018-05-18 0:40:47
Message-ID: CAGcL9UPYBpnTqguRvqpA5m4Qjq4ybyVbtq2DKK-HQ21DcdbuhA () mail ! gmail ! com
[Download RAW message or body]


Thanks Jakel for the link and thanks Shawn for reply and some insights.

I did scan some of my application logs and can see some kind of XSS attacks
originating from china/Russia .Most of them were targeted to the database.
Tried to reproduce many of them , they don't yield anything.

I have not yet figured as how they have gained entry to the system.I will
spend some time this weekend to patch the things up and see if I can
investigate this further.



On Thu, May 17, 2018 at 3:11 AM, J=C3=A4kel, Guido <G.Jaekel@dnb.de> wrote:

> Dear Kiran,
>
> there might be many other ways to compromise your server. But I wonder
> about the application you run on you Tomcat and if you know about the
> wide-used exploit in the Java JSF library "Primefaces" (see
> https://www.exploit-db.com/exploits/43733/).
>
> With greetings
>
> Guido
>
> >-----Original Message-----
> >From: Kiran Badi [mailto:kiran@poonam.org]
> >Sent: Wednesday, May 16, 2018 7:13 PM
> >To: Tomcat Users List <users@tomcat.apache.org>
> >Subject: Re: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory
> issue .Please mask if
> >
> >Yes tomcat is not starting up. I am also suspecting that EC2 instance wa=
s
> >probably compromised. Not sure as how but I see some rogue programs were
> >running under tomcat user. I use putty with private keys to login and
> those
> >keys are not in public view for sure.
> >
>


[prev in list] [next in list] [prev in thread] [next in thread]