Solved

Security, Tomcat, Apache, & Windows

Posted on 2001-07-26
5
220 Views
Last Modified: 2010-03-04
Hi;

My company is running a jsp site on IIS 5 with windows 2000, and all of
the security patches.


We discovered that if we use tomcat or jrun 2.3.3 with IIS that that
we have to set up the tomcat ( or jrun ) directories as virtual directories
___with execute permissions turned on__.


This got us hacked into.

I don't understand how.  It has something to do with how IIS handles
malformed urls leaving IIS open to attacks if directories associated with
a web site have execute permissions granted.

Does Apache have a similar vulnerability?

Does Apache have jsp/servlet capabilities built in or does it need to be
hooked up to tomcat?

Will Apache run on windows 2000?

To run JSP/Servlets do any directories associated with the apache web
server need to have execute permissions opened up.  Is it a security risk?

Thanks in advance

Steve




0
Comment
Question by:Steve34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Expert Comment

by:kakeat
ID: 6326046
Hi Steve,
   I am not sure about the security issue but I am running Apache on Win2K now.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 7498079
PAQ'd and points refunded

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question