Wednesday, November 20, 2013

Got OWASP? Tomcat.tomdept vulnerability or bad hardening?

We have known this rule for ages: Do not run services you do not need. Hardening servers is mainstream already, and yet malware gets through those services that should not be running.

Why would someone run the Tomcat "manager" application? It is just one of the first things you should remove when you install your brand new tomcat.

Not doing so will only increase your chances to get compromise with malware like Tomcat.tomdept.

No comments: