In the appendix, we include also a reference of CVEs addressing vulnerabilities in Apache Tomcat. DetectionĪs far as we know, the malware tries to connect to the following IRC servers: We recommend to keep Apache Tomcat updated to the latest version. If you are running an Apache Tomcat server connected to the Internet, take your time to check: The same server apparently is used for fetching the malware: The worm also sends collected information to the following server in HTTP on port 80/TCP.Review DNS logs, Tomcat logs and Firewall logs.Review user accounts and password strength.Review running processes on Apache Tomcat serverĪ list of domains/IP addresses is following hereafter.You might use it as a base for reviewing log files. This can be done using the Valve element from Tomcat or directly the Apache configuration To avoid username-password brute forcing of the Tomcat manager interface, we recommend to apply packet filtering It should be safe to block all access on your Firewalls/IPS/DNS to the following domains/IP addresses: You can also use your network or security device to restrict the source IP to required Apache Tomcat administrators. ![]() If in doubt, don’t hesitate to contact CIRCL. ![]() NOTE: the vendor disputes the significance of this report, stating that “the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application … as they require a reckless system administrator.” CVE-2013-6357 T10:55:04.190-05:00 6.8 ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.Version 1.0 NovemInitial version (TLP:WHITE).TLP:WHITE information may be distributed without restriction, subject to copyright controls.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |