Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Security, Tomcat, Apache, & Windows

Posted on 2001-07-26
5
Medium Priority
?
227 Views
Last Modified: 2010-03-04
Hi;

My company is running a jsp site on IIS 5 with windows 2000, and all of
the security patches.


We discovered that if we use tomcat or jrun 2.3.3 with IIS that that
we have to set up the tomcat ( or jrun ) directories as virtual directories
___with execute permissions turned on__.


This got us hacked into.

I don't understand how.  It has something to do with how IIS handles
malformed urls leaving IIS open to attacks if directories associated with
a web site have execute permissions granted.

Does Apache have a similar vulnerability?

Does Apache have jsp/servlet capabilities built in or does it need to be
hooked up to tomcat?

Will Apache run on windows 2000?

To run JSP/Servlets do any directories associated with the apache web
server need to have execute permissions opened up.  Is it a security risk?

Thanks in advance

Steve




0
Comment
Question by:Steve34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 

Expert Comment

by:kakeat
ID: 6326046
Hi Steve,
   I am not sure about the security issue but I am running Apache on Win2K now.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 7498079
PAQ'd and points refunded

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question