Solved

Security, Tomcat, Apache, & Windows

Posted on 2001-07-26
5
189 Views
Last Modified: 2010-03-04
Hi;

My company is running a jsp site on IIS 5 with windows 2000, and all of
the security patches.


We discovered that if we use tomcat or jrun 2.3.3 with IIS that that
we have to set up the tomcat ( or jrun ) directories as virtual directories
___with execute permissions turned on__.


This got us hacked into.

I don't understand how.  It has something to do with how IIS handles
malformed urls leaving IIS open to attacks if directories associated with
a web site have execute permissions granted.

Does Apache have a similar vulnerability?

Does Apache have jsp/servlet capabilities built in or does it need to be
hooked up to tomcat?

Will Apache run on windows 2000?

To run JSP/Servlets do any directories associated with the apache web
server need to have execute permissions opened up.  Is it a security risk?

Thanks in advance

Steve




0
Comment
Question by:Steve34
5 Comments
 

Expert Comment

by:kakeat
ID: 6326046
Hi Steve,
   I am not sure about the security issue but I am running Apache on Win2K now.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 7498079
PAQ'd and points refunded

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Xampp Not Stopping 9 40
Problem to go to page 12 82
htaccess restrict subdomain 4 89
Virtual host in apache 31 82
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

30 Experts available now in Live!

Get 1:1 Help Now