Solved

Tomcat access to app without app folder name

Posted on 2014-09-24
3
183 Views
Last Modified: 2014-10-04
Hi,

I wonder if is there a known method to access to tomcat app located into webapps folder without knowing it's adress? ( I mean leak or known method)

I mean if I put:
example.com:8080/XXX

Where XXX will be long 50 characets link.

Is that possible to run tomcat app without knowing it's name? (Only knowing example.com:8080)
If app will work as very long complicated name IMHO it's not possible. (Until someone has time to brute force and guess valid URL with app response)

I know it's security by obscurity and not real security anyway I need to know possible leaks of such solution.
0
Comment
Question by:Ian Simonv
  • 2
3 Comments
 
LVL 27

Expert Comment

by:rrz
ID: 40342932
I know it's security by obscurity
Isn't that how passwords work?
The only leak would be the manager app that comes preinstalled in Tomcat. But, it is password protected.  You could just remove the manager app if you are not using it.
Another vulnerability would be your browser's history. If someone had access to your machine, then they could see your history.
0
 

Author Comment

by:Ian Simonv
ID: 40344226
Ok thanks I needed only to know possible tomcat hidden functions or leaks.
Manager is not needed, history is not a problem looks like my idea with long link is not so bad.
0
 
LVL 27

Accepted Solution

by:
rrz earned 500 total points
ID: 40344420
Tomcat has an API that the manager app uses to do its job.  It has the list method  which renders a list of the currently active Contexts.
http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/manager/ManagerServlet.html       
I don't know if it is possible for someone to misuse it.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux tcp ports listening for testing 4 48
linux installs 6 50
VirtualBox in Fedora 25 Linux:  Unable to Install OS 11 160
Penetration Testing home based work 3 55
This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now