Security, Tomcat, Apache, & Windows

Hi;

My company is running a jsp site on IIS 5 with windows 2000, and all of
the security patches.


We discovered that if we use tomcat or jrun 2.3.3 with IIS that that
we have to set up the tomcat ( or jrun ) directories as virtual directories
___with execute permissions turned on__.


This got us hacked into.

I don't understand how.  It has something to do with how IIS handles
malformed urls leaving IIS open to attacks if directories associated with
a web site have execute permissions granted.

Does Apache have a similar vulnerability?

Does Apache have jsp/servlet capabilities built in or does it need to be
hooked up to tomcat?

Will Apache run on windows 2000?

To run JSP/Servlets do any directories associated with the apache web
server need to have execute permissions opened up.  Is it a security risk?

Thanks in advance

Steve




Steve34Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
moduloConnect With a Mentor Commented:
PAQ'd and points refunded

modulo

Community Support Moderator
Experts Exchange
0
 
kakeatCommented:
Hi Steve,
   I am not sure about the security issue but I am running Apache on Win2K now.
0
All Courses

From novice to tech pro — start learning today.