SANS ISC Internet Storm Center


Reminder: Secure Your Tomcat Admin Interface

Published: 2015-04-20
Last Updated: 2015-04-20 12:58:40 UTC
by Johannes Ullrich (Version: 1)

In our web application honeypots, we continue to see scans for "/manager/html". While our honeypot doesn't (yet) fully simulate this Tomcat administrative interface, these scans are typically used to find unprotected Tomcat Manager URLs.

The full request:

GET /manager/html HTTP/1.1
Authorization: Basic
Accept: */*
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: [host ip redacted]:8080
Cache-Control: no-cache

Today's top sources of these scans are: (<-- by far the largest source) (maybe just block?)
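As an added example (not part of the diary), the following script shows how a honeypot or web server operator can pick the probe above out of captured requests and rank the sources, the way the "top sources" list is produced. It parses raw HTTP/1.x requests, tags anything aimed at the Tomcat Manager paths by the shape of its Authorization header (the diary's request carries a bare "Basic" with no credentials), and counts hits per source address. The traffic, the source IPs (RFC 5737 documentation ranges) and the Host value are all constructed for the example; nothing here is real scanner data.

```python
import base64
import binascii
from collections import Counter

# Constructed sample traffic: (source IP, raw HTTP request) pairs. The first
# request is modelled on the probe quoted in the diary; addresses are RFC 5737
# documentation ranges, not real scanners or hosts.
SAMPLE_TRAFFIC = [
    ("192.0.2.10",
     "GET /manager/html HTTP/1.1\r\n"
     "Authorization: Basic\r\n"
     "Accept: */*\r\n"
     "Accept-Language: zh-cn\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n"
     "User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\r\n"
     "Host: 203.0.113.9:8080\r\n"
     "Cache-Control: no-cache\r\n\r\n"),
    ("192.0.2.10",
     "GET /manager/html HTTP/1.1\r\nAuthorization: Basic\r\nHost: 203.0.113.9:8080\r\n\r\n"),
    ("198.51.100.7",   # base64 of the placeholder "user:secret", constructed
     "GET /manager/html HTTP/1.1\r\nAuthorization: Basic dXNlcjpzZWNyZXQ=\r\n"
     "Host: 203.0.113.9:8080\r\n\r\n"),
    ("192.0.2.10",
     "GET /host-manager/html HTTP/1.1\r\nHost: 203.0.113.9:8080\r\n\r\n"),
    ("203.0.113.4",
     "GET /index.html HTTP/1.1\r\nHost: 203.0.113.9:8080\r\n\r\n"),
]

# Paths served by the Tomcat Manager and Host Manager web applications.
MANAGER_PATHS = ("/manager/html", "/manager/text", "/manager/status",
                 "/host-manager/html")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers dict)."""
    lines = raw.strip().splitlines()
    if not lines:
        raise ValueError("empty request")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate junk lines instead of dropping the request
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def classify_probe(raw):
    """Tag requests aimed at the Manager paths; return None for anything else."""
    _method, path, headers = parse_request(raw)
    if not path.startswith(MANAGER_PATHS):
        return None
    auth = headers.get("authorization")
    if auth is None:
        return "no-auth"
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return "other-auth"
    if not token:
        return "basic-empty"  # the exact shape of the diary's request
    try:
        # Decoded only to check that the token is well-formed; the credential
        # pair itself is deliberately not returned or logged.
        base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "basic-malformed"
    return "basic-credentials"


def summarize(traffic, top_n=5):
    """Return (top source addresses, probe counts by tag) for Manager probes."""
    by_source = Counter()
    by_tag = Counter()
    for src, raw in traffic:
        tag = classify_probe(raw)
        if tag is None:
            continue
        by_source[src] += 1
        by_tag[tag] += 1
    return by_source.most_common(top_n), by_tag


if __name__ == "__main__":
    sources, tags = summarize(SAMPLE_TRAFFIC)
    print("top sources:", sources)
    print("by tag:", dict(tags))
```

The tag tells you what kind of scanner you are looking at: "basic-empty" is a reachability check like the one in the diary, while "basic-credentials" means someone is already trying logins and the account names in use deserve a look in your own tomcat-users.xml.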

OWASP has a brief guide on securing Tomcat:

See the "Securing Manager WebApp" section for details on protecting your management interface.
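As a second added example, again not from the diary or from OWASP, here is a small audit of the two files that decide who can reach the Manager application: conf/tomcat-users.xml (which accounts hold manager-* roles and with what passwords) and webapps/manager/META-INF/context.xml (whether a RemoteAddrValve limits the source addresses). The sample XML is constructed and embedded inline; the hardened context mirrors the address restriction that recent Tomcat releases ship by default, and the weak-password threshold and the "external address" used to exercise the allow pattern are this example's own assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of $CATALINA_BASE/conf/tomcat-users.xml. The passwords are
# placeholders for the example; "ops" is deliberately misconfigured.
USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="ops" password="ops" roles="manager-gui,manager-script"/>
  <user username="deploy" password="PLACEHOLDER-long-random-value" roles="manager-script"/>
</tomcat-users>
"""

# Constructed webapps/manager/META-INF/context.xml with no address restriction.
OPEN_CONTEXT_XML = """<Context antiResourceLocking="false" privileged="true"/>"""

# Constructed hardened variant: RemoteAddrValve allows loopback only (the
# allow attribute is a regular expression matched against the client address).
HARDENED_CONTEXT_XML = r"""<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
</Context>
"""

MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}
SCRIPT_ROLES = {"manager-script", "manager-jmx"}
MIN_PASSWORD_LEN = 12            # assumption for this example, not a Tomcat setting
EXTERNAL_PROBE_ADDR = "198.51.100.7"  # constructed non-local address


def _local(tag):
    """Strip an XML namespace: '{http://tomcat.apache.org/xml}user' -> 'user'."""
    return tag.rsplit("}", 1)[-1]


def audit_users(xml_text):
    """Return findings for accounts that hold Manager roles."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) != "user":
            continue
        name = el.get("username", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        if not roles & MANAGER_ROLES:
            continue
        # Tomcat's Manager HOW-TO advises separate accounts for the HTML UI
        # (manager-gui) and the script/JMX interfaces.
        combined = sorted(roles & SCRIPT_ROLES)
        if "manager-gui" in roles and combined:
            findings.append("user %r: manager-gui combined with %s" % (name, combined))
        pw = el.get("password", "")
        if pw == name or len(pw) < MIN_PASSWORD_LEN:
            findings.append("user %r: weak or username-equal password on a Manager role" % name)
    return findings


def audit_manager_context(xml_text):
    """Return findings about the RemoteAddrValve on the Manager context."""
    findings = []
    root = ET.fromstring(xml_text)
    valves = [v for v in root.iter()
              if _local(v.tag) == "Valve"
              and v.get("className", "").endswith("RemoteAddrValve")]
    if not valves:
        findings.append("manager context: no RemoteAddrValve, Manager reachable from any address")
        return findings
    for v in valves:
        allow = v.get("allow", "").strip()
        if not allow or allow in (".*", ".+"):
            findings.append("manager context: RemoteAddrValve allow=%r permits every address" % allow)
        elif re.fullmatch(allow, EXTERNAL_PROBE_ADDR):
            # Heuristic: the pattern admits a non-local address we made up.
            findings.append("manager context: allow pattern %r matches external address %s"
                            % (allow, EXTERNAL_PROBE_ADDR))
    return findings


def audit(users_xml, context_xml):
    """Combine both checks into one list of findings (empty means clean)."""
    return audit_users(users_xml) + audit_manager_context(context_xml)


if __name__ == "__main__":
    for f in audit(USERS_XML, OPEN_CONTEXT_XML):
        print("FINDING:", f)
    print("hardened context findings:", audit_manager_context(HARDENED_CONTEXT_XML))
```

Point the two audit functions at the real files under $CATALINA_BASE to run it against an installation. A clean result only means the Manager is restricted to the addresses you intended and its accounts are split and non-trivial; if the application is not needed at all, removing webapps/manager entirely is the simpler fix.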


Johannes B. Ullrich, Ph.D.
