Vulnerabilities commonly encountered in Tomcat middleware:

1. Tomcat has a management console by default. The default management address is http://IP-or-domain:port/manager/html

2. Axis2 default password vulnerability. The default management address is http://IP-or-domain:port/axis2/axis2-admin/. In WebService deployment practice, many sites are deployed directly in the root directory, so the console address is usually http://*.*.*:8080/axis2-web/. Clicking Administration opens the Axis2 admin login page, where the default credentials are admin/axis2. If the password has not been changed, the login succeeds.

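A local configuration audit for the two default-console issues above, added here as an example (it is not code from the original page or from the Tomcat or Axis2 projects). It parses the text of `tomcat-users.xml` and `axis2.xml`; the sample files, the `WEAK` list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AXIS2_DEFAULT = ("admin", "axis2")            # default pair named in the text above
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}
WEAK = {"", "admin", "tomcat", "password"}    # illustrative list, extend locally

def local(tag):
    """Drop an XML namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]

def audit_axis2(axis2_xml):
    """Flag an axis2.xml whose axis2-admin login is still the shipped default."""
    root = ET.fromstring(axis2_xml)
    # Only top-level <parameter> elements carry the admin userName/password.
    params = {p.get("name"): (p.text or "").strip()
              for p in root if local(p.tag) == "parameter"}
    if (params.get("userName"), params.get("password")) == AXIS2_DEFAULT:
        return ["axis2.xml: axis2-admin still accepts default admin/axis2"]
    return []

def audit_tomcat_users(users_xml):
    """Flag accounts that can reach /manager/ with an empty or guessable password."""
    findings = []
    for el in ET.fromstring(users_xml).iter():
        if local(el.tag) != "user":
            continue
        name = el.get("username") or el.get("name") or ""
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        pw = el.get("password", "")
        granted = sorted(roles & MANAGER_ROLES)
        if granted and (pw in WEAK or pw == name):
            findings.append(f"tomcat-users.xml: '{name}' holds {granted} with a weak password")
    return findings

# Constructed sample configs (not taken from any real host).
SAMPLE_AXIS2 = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
</axisconfig>"""
SAMPLE_TOMCAT = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Xq7-constructed-long-value" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="some-app-role"/>
</tomcat-users>"""

if __name__ == "__main__":
    for line in audit_axis2(SAMPLE_AXIS2) + audit_tomcat_users(SAMPLE_TOMCAT):
        print(line)
```

If Tomcat is configured to store digested passwords, the `password` attribute holds a hash and the weak-value comparison will not match, so review those accounts separately.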