суббота, 2 марта 2013 г.

Tomcat Servlet Examples threats

Tomcat application server by default contains "/examples" directory which has many example servlets and JSPs.
We strongly recommend to disable public access to this directory by following security reasons:

  • Bypassing HttpOnly Cookies protection
  • CSRF cookies manipulation
  • Session manipulation
HttpOnly flag must protect user's cookies from client-side attacks such as XSS. There are two example servlets in Tomcat which shows all cookies in plain/text HTTP response:
  • /examples/servlets/servlet/RequestHeaderExample
  • /examples/servlets/servlet/CookieExample
Second servlet also provides CSRF-based cookie manipulations: set/redefine by GET and POST requests both.

Session manipulation is more interesting. Looks at /examples/servlets/servlet/SessionExample servlet. It is simplest way to gain admin privileges in target webapps which hosted on same Tomcat with SessionExample servlet.

Session is global and this servlet provides you any manipulations with your session!
We strongly recommend to disable public access to /examples directory again.
Автор: на

58 комментариев:

  1. Carruth Vallecillo28 августа 2017 г. в 23:21

    It is not, at that point, a straightforward matter of making a twofold installment one month from now in addition to somewhat additional for charges, since the advances are not figured on typical loan fees. What really happens is more extreme than only a basic charge.
    Check Cashing San-diego

    ОтветитьУдалить
    Ответы
    1. Unknown10 декабря 2020 г. в 14:24

      Great Article Cyber Security Projects projects for cse Networking Security Projects JavaScript Training in Chennai JavaScript Training in Chennai The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Удалить
  2. Carruth Vallecillo29 августа 2017 г. в 09:54

    Further, instead of holding up days or half a month for a choice, numerous online organizations will react inside a few hours. Rivalry in this market is savage, so they will do what it takes to get your business.
    Cash Advance Chicago

    ОтветитьУдалить
  3. Vanwingerden Urick14 сентября 2017 г. в 02:57

    Since they represent considerable authority in these credits, it is typically a simple, quick procedure to get the cash that you require.
    Cash Advance Corona

    ОтветитьУдалить
  4. Vanwingerden Urick14 сентября 2017 г. в 09:00

    For whatever length of time that you have a reasonable vehicle title to set up as security, and your auto credit is paid off or almost paid off, you can without much of a stretch fit the bill for a title advance. Car Title Loans Chicago

    ОтветитьУдалить
  5. heather16 августа 2018 г. в 23:58

    Этот комментарий был удален автором.

    ОтветитьУдалить
  6. Vaibhav Shrivastav25 октября 2018 г. в 02:20

    how to disable public access to /examples directory . Working on linux instance .Please help me

    ОтветитьУдалить
  7. nhuthuy19 февраля 2019 г. в 00:51

    Thanks for sharing, nice post! Post really provice useful information!

    Giaonhan247 chia sẻ những hạn chế dịch vụ mua hộ hàng mỹ với dịch vụ ship hàng amazon với chi tiết bảng giá ship hàng từ mỹ về việt nam uy tín cùng cách mua hàng trên amazon hay trên ebay việt nam uy tín cùng dịch vụ mua hộ hàng mỹ giá rẻ.

    ОтветитьУдалить
  8. meldaresearch4 марта 2020 г. в 04:45

    Are you encountering challenges searching for Online Criminology Assignment Help Services? Look no further; Criminology Essay Writing Services has a solution to your Criminology Coursework Writing Services.

    ОтветитьУдалить
  9. Term Paper Writing Services20 марта 2020 г. в 04:03

    Through our experts, we offer all kinds of Economics Essay Writing Services and Economics Research Paper Writing Services to suit the needs of every student when they are given any Economics Coursework Writing Services.

    ОтветитьУдалить
  10. salma23 марта 2020 г. в 15:44


    ارخص شركة نقل عفش

    ارخص شركة نقل عفش بالمدينة المنورة نقل عفش بالمدينة المنورة
    ارخص شركة نقل عفش بمكة نقل عفش بمكة
    شركة نقل عفش شركة نقل عفش

    ارخص شركة نقل عفش بجدة نقل عفش بجدة
    دينا نقل عفش جدة دينا نقل عفش بجدة



    ОтветитьУдалить
  11. Florahmelda14 июня 2020 г. в 22:38

    Architectural science research paper services have become very popular for students studying architectural science coursework writing services as they engage the best online Architectural Science Writing Services.

    ОтветитьУдалить
  12. meldaresearch17 сентября 2020 г. в 00:46

    Custom psychology research writing services are very difficult to complete and many students are always searching for Developmental Psychology Writing Services to help them complete their psychology assignment writing services and developmental psychology essay writing services.

    ОтветитьУдалить
  13. Term Paper Writing Services5 октября 2020 г. в 05:42

    There are many theology & religion coursework writing services and Religious Research Writing Services to choose from for those stuck with their religion assignment writing services and theology essay writing help services.

    ОтветитьУдалить
  14. meldaresearch15 октября 2020 г. в 03:39

    Public relations research writing services are very difficult to complete and many students are always searching for Public Relations Writing Services to help them complete their public relations coursework services and public relations research writing services.

    ОтветитьУдалить
  15. amc stars16 октября 2020 г. в 01:15

    عکس پروفایل عکس پروفایل عکس پروفایل عکس پروفایل

    ОтветитьУдалить
  16. CENK AK25 июня 2021 г. в 00:54

    rastgele görüntülü konuşma - kredi hesaplama - instagram video indir - instagram takipçi satın al - instagram takipçi satın al - tiktok takipçi satın al - instagram takipçi satın al - instagram beğeni satın al - instagram takipçi satın al - instagram takipçi satın al - instagram takipçi satın al - instagram takipçi satın al - binance güvenilir mi - binance güvenilir mi - binance güvenilir mi - binance güvenilir mi - instagram beğeni satın al - instagram beğeni satın al - polen filtresi - google haritalara yer ekleme - btcturk güvenilir mi - binance hesap açma - kuşadası kiralık villa - tiktok izlenme satın al - instagram takipçi satın al - sms onay - paribu sahibi - binance sahibi - btcturk sahibi - paribu ne zaman kuruldu - binance ne zaman kuruldu - btcturk ne zaman kuruldu - youtube izlenme satın al - torrent oyun - google haritalara yer ekleme - altyapısız internet - bedava internet - no deposit bonus forex - erkek spor ayakkabı - webturkey.net - karfiltre.com - tiktok jeton hilesi - tiktok beğeni satın al - microsoft word indir - misli indir

    ОтветитьУдалить
  17. Takipçi Satın Al30 июня 2021 г. в 06:36

    En hızlı instagram takipçi satın al
    En uygun instagram takipçi satın al
    En telafili instagram takipçi satın al
    En gerçek spotify takipçi satın al
    En ucuz instagram takipçi satın al
    En otomatik instagram takipçi satın al
    En sistematik tiktok takipçi satın al
    En otantik instagram takipçi satın al
    En opsiyonel instagram takipçi satın al
    En güçlü instagram takipçi satın al
    En kuvvetli instagram takipçi satın al
    En seri instagram takipçi satın al
    En akıcı instagram takipçi satın al
    En akıcı instagram takipçi satın al
    En akıcı instagram takip etmeyenler

    ОтветитьУдалить
  18. takipcim3 июля 2021 г. в 07:03

    En iyi bahis siteleri bahis siteleri
    canlı bahis canlı bahis siteleri
    güvenilir bahis güvenilir bahis siteleri
    tiktok izlenme satın altiktok izlenme satın al
    takipçi satın al takipci satın al
    instagram izlenme instagram izlenme satın al
    tiktok takipçi satın al tiktok takipçi satın al
    instagram begeni satın al
    takipci satın al

    ОтветитьУдалить
  19. kartal moto kurye12 июля 2021 г. в 10:46

    İstanbul moto kurye endüstrisinde 15 yılı aşkın deneyimimizle, teslimatınızın önemli olduğu her an için burdayız.

    ОтветитьУдалить
  20. Unknown21 июля 2021 г. в 05:19

    aşk kitapları
    youtube abone satın al
    cami avizesi
    cami avizeleri
    avize cami
    no deposit bonus forex 2021
    takipçi satın al
    takipçi satın al
    takipçi satın al
    takipcialdim.com/tiktok-takipci-satin-al/
    instagram beğeni satın al
    instagram beğeni satın al
    btcturk
    tiktok izlenme satın al
    sms onay
    youtube izlenme satın al
    no deposit bonus forex 2021
    tiktok jeton hilesi
    tiktok beğeni satın al
    binance
    takipçi satın al
    uc satın al
    sms onay
    sms onay
    tiktok takipçi satın al
    tiktok beğeni satın al
    twitter takipçi satın al
    trend topic satın al
    youtube abone satın al
    instagram beğeni satın al
    tiktok beğeni satın al
    twitter takipçi satın al
    trend topic satın al
    youtube abone satın al
    takipcialdim.com/instagram-begeni-satin-al/
    perde modelleri
    instagram takipçi satın al
    instagram takipçi satın al
    takipçi satın al
    instagram takipçi satın al
    betboo
    marsbahis
    sultanbet

    ОтветитьУдалить
  21. gipaş tekstil3 августа 2021 г. в 01:10

    toptan iç giyim tercih etmenizin sebebi kaliteyi ucuza satın alabilmektir. Ürünler yine orjinaldir ve size sorun yaşatmaz. Yine de bilinen tekstil markalarını tercih etmelisiniz.

    Digitürk başvuru güncel adresine hoşgeldiniz. Hemen başvuru yaparsanız anında kurulum yapmaktayız.

    tutku iç giyim Türkiye'nin önde gelen iç giyim markalarından birisi olmasının yanı sıra en çok satan markalardan birisidir. Ürünleri hem çok kalitelidir hem de pamuk kullanımı daha fazladır.

    nbb sütyen hem kaliteli hem de uygun fiyatlı sütyenler üretmektedir. Sütyene ek olarak sütyen takımı ve jartiyer gibi ürünleri de mevcuttur. Özellikle Avrupa ve Orta Doğu'da çokça tercih edilmektedir.

    yeni inci sütyen kaliteyi ucuz olarak sizlere ulaştırmaktadır. Çok çeşitli sütyen varyantları mevcuttur. iç giyime damga vuran markalardan biridir ve genellikle Avrupa'da ismi sıklıkla duyulur.

    iç giyim ürünlerine her zaman dikkat etmemiz gerekmektedir. Üretimde kullanılan malzemelerin kullanım oranları, kumaşın esnekliği, çekmezlik testi gibi birçok unsuru aynı anda değerlendirerek seçim yapmalıyız.

    iç giyim bayanların erkeklere göre daha dikkatli oldukları bir alandır. Erkeklere göre daha özenli ve daha seçici davranırlar. Biliyorlar ki iç giyimde kullandıkları şeyler kafalarındaki ve ruhlarındaki özellikleri dışa vururlar.

    ОтветитьУдалить
  22. Unknown15 августа 2021 г. в 00:56

    www.escortsmate.com
    escortsmate.com
    https://www.escortsmate.com

    ОтветитьУдалить
  23. Unknown15 августа 2021 г. в 13:51

    marsbahis
    betboo
    sultanbet
    marsbahis
    betboo
    sultanbet

    ОтветитьУдалить
  24. Edison hope2 сентября 2021 г. в 13:54

    Aha, it's a good discussion about this paragraph at this place on this website, I read all of that, so now I'm commenting here too...Eligible travelers can obtain a Tourist visa to Turkey and pay the e Visa Turkey cost online by filling an online form with their personal details and passport information.

    ОтветитьУдалить
  25. Tom29 сентября 2021 г. в 01:57

    What an amazing work.. Thank you for this work.. The UK citizens traveling to Azerbaijan can apply for online Azerbaijan visa for UK citizens. Get visa just in 3 steps apply online, upload document, and make payment.

    ОтветитьУдалить
  26. My Site11 ноября 2021 г. в 05:54

    What an interesting article! I'm glad i finally found what i was looking for.
    토토
    경마
    온라인경마

    ОтветитьУдалить
  27. My Site11 ноября 2021 г. в 05:54

    I am overwhelmed by your post with such a nice topic. Usually I visit your site and get updated through the information you include but today’s blog would be the most appreciable.
    카지노
    토토사이트

    ОтветитьУдалить
  28. Tom22 ноября 2021 г. в 10:55

    Nice post. Thank you for this work. The travelers need to apply visa for Kenya business visa through online visa application. Check the details and read the guidelines before you fill up the application form.

    ОтветитьУдалить
  29. BESTSITE13 декабря 2021 г. в 04:12

    I want to to thank you for this great read!! I certainly enjoyed every little bit of it. I have you bookmarked to check out new stuff you post… 성인야설

    ОтветитьУдалить
  30. CLICKME13 декабря 2021 г. в 04:18

    You are my inhalation, I have few web logs and very sporadically run out from to post .

    립카페

    ОтветитьУдалить
  31. MY SITE13 декабря 2021 г. в 04:22

    A powerful share, I simply given this onto a colleague who was doing a little bit evaluation on this. And he in truth bought me breakfast because I discovered it for him.. smile. So let me reword that: Thanks for the deal with! However yeah Thanks for spending the time to debate this, I really feel strongly about it and love studying more on this topic. If doable, as you turn into experience, would you thoughts updating your blog with extra particulars? It’s extremely useful for me. Big thumb up for this weblog post!타이마사지

    ОтветитьУдалить
  32. VISIT ME13 декабря 2021 г. в 04:26

    Looking forward to reading more. Great article post. Fantastic. Thanks so much for the blog. Much obliged.안마

    ОтветитьУдалить
  33. Zamzam company20 декабря 2021 г. в 13:18


    ليس من الضروري تنظيف منزلك كل يوم ، ولكن يزداد عدد مرات تنظيف منزلك بشكل ملحوظ عندما يمرض شخص واحد. يعد وضع كل من هذه الأسطح التي يتم لمسها بشكل شائع على قوائم التنظيف الخاصة بك في المنزل أمرًا مهمًا لمكافحة الأمراض والعدوى. إذا جعلت مسح هذه الأسطح ممارسة يومية ، فسترى سريعًا كيف أن تنظيف المنزل هو إحدى الخطوات الأولى للتغلب على المرض.
    عندما تبدأ في تنظيف منزلك وتنظيمه ، من المهم استهداف مناطق معينة يتم التطرق إليها بشكل شائع. باستخدام منتجات التنظيف المنزلية المضادة للبكتيريا ، قم بتطهير جميع مقابض الأبواب والحنفيات ومفاتيح الإضاءة وأجهزة التحكم عن بُعد وأسطح الطاولات والكراسي الصلبة. تأكد من استخدام منتجات التنظيف المنزلية المطهرة في جميع أنحاء الحمامات والمطبخ.
    شركة تنظيف بجازان
    يتسخ أثاث غرفة المعيشة بسرعة ، ومن وقت لآخر قد تلاحظ بقعة لونية تركها طفلك على الأريكة ، أو بقايا الطعام ، أو بقعة قهوة أو شاي تحتاج إلى معرفة كيفية تنظيف الأريكة من البقع الصعبة دون أن تفقد لمعانها خاصة أنه لا توجد طريقة موحدة لتنظيف جميع أنواع الأرائك
    إذا كانت الأريكة الخاصة بك ملطخة ، فلديك مجموعة متنوعة من الخيارات لتنظيفها ، اعتمادًا على نوع القماش والبقعة. ابدأ بالرجوع إلى علامة العناية الخاصة برمز التنظيف ، والتي ستخبرك بالمنتجات والمنظفات الآمنة للاستخدام على هذا القماش المعين. بمجرد أن تعرف ذلك ، يمكنك المتابعة باستخدام منظف مائي أو مذيب للتنظيف الجاف
    لتنظيف البقع على قماش التنجيد ، يمكنك خلط ربع كوب من الخل مع ثلاثة أرباع أكواب من الماء الدافئ وملعقة كبيرة من سائل غسيل الأطباق ، ثم رش الخليط على الزجاجة ورشها على التربة ، ثم امسح بقطعة قماش حتى تختفي البقعة ، ثم استخدم قطعة قماش أخرى مبللة بالماء ، امسح الصابون في نفس المنطقة ، ثم جفف المنشفة بقطعة القماش.
    شركة تنظيف مجالس بجازان

    ОтветитьУдалить
  34. Robert smith11 января 2022 г. в 23:53

    I love to read this, thank you... Getting an Indian business visa is easy. You can apply online completely securely through eVisa India website and pay the India business visa cost. Your visa fee depends on your nationality.

    ОтветитьУдалить
  35. Unknown31 января 2022 г. в 07:18

    tiktok jeton hilesi
    tiktok jeton hilesi
    binance referans kimliği
    gate güvenilir mi
    tiktok jeton hilesi
    paribu
    btcturk
    bitcoin nasıl alınır
    yurtdışı kargo

    ОтветитьУдалить
  36. Olivia John8 февраля 2022 г. в 11:27

    Wow, that's what I was looking for, what stuff! Present here on this website, thanks to the admin of this website.. Turkish Visit Visa is an electronic travel authorization which is a 100% online Turkish evisa process, which takes hardly 3-5 minutes to fill out an online application.

    ОтветитьУдалить
  37. sportstotohot.com10 февраля 2022 г. в 03:46

    Here are some links to web pages that we link to simply because we feel they’re really worth visiting. 토토사이트

    ОтветитьУдалить
  38. racesite.pro10 февраля 2022 г. в 03:56

    Hi there! This article could not be written much better! 경마사이트

    ОтветитьУдалить
  39. reelgame.site10 февраля 2022 г. в 04:05

    Appreciate it for helping out, excellent info. 릴게임

    ОтветитьУдалить
  40. totosite365.info10 февраля 2022 г. в 04:13

    Pretty! This has been an incredibly wonderful article. Thank you for supplying this information. 토토

    ОтветитьУдалить
  41. badugisitenet14 марта 2022 г. в 06:44

    This is an incredible post I seen on account of offer it. It is truly what I needed to see seek in future you will proceed after sharing such a magnificent post. 바둑이게임

    ОтветитьУдалить
  42. casinositehot.com14 марта 2022 г. в 06:46

    great to be here in your article or post, whatever, I figure I ought to likewise buckle down for my own site like I see some great and refreshed working in your site. 바카라사이트

    ОтветитьУдалить
  43. casinositeguide.com16 марта 2022 г. в 05:32

    It is very well written, and your points are well-expressed. I request you warmly, please, don’t ever stop writing. 바카라사이트

    ОтветитьУдалить
  44. totosafedb.com16 марта 2022 г. в 08:22

    Great blog! Do you have any tips for aspiring writers? I’m hoping to start my own blog soon but I’m a little lost on everything. 먹튀검증디비

    ОтветитьУдалить
  45. Andre Van den berg24 марта 2022 г. в 00:42

    This is new knowledge for me, I am excited about it. thanks....Indian tourist visa, You can get an online tourist visa for India and visit the beautiful religious places of India etc.


    ОтветитьУдалить
  46. Ponzaar2 апреля 2022 г. в 22:38

    İnstagram takipçi satın al! İnstagram takipçi sitesi ile takipçi satın al sende sosyal medyada fenomen olmaya bir adım at. Sende hemen instagram takipçi satın almak istiyorsan tıkla:

    1- takipçi satın al

    2- takipçi satın al

    3- takipçi satın al

    ОтветитьУдалить
  47. Unknown6 апреля 2022 г. в 02:01

    Pretty useful article. I merely stumbled upon your internet site and wanted to say that I’ve very favored learning your weblog posts. Any signifies I’ll be subscribing with your feed and I hope you publish once additional soon. 메이저사이트

    ОтветитьУдалить
  48. James7 апреля 2022 г. в 01:20

    Superb blog! This gives a lot of information... Now I am telling you the information which is needed to know you. After covid19 Indian tourist visa open for all international travelers. The Indian government has played the main role to promote tourism in India.

    ОтветитьУдалить
  49. Albert25 апреля 2022 г. в 00:47

    Fantastic work sir, Lots of people ask, How to apply for an emergency visa to India from the USA? You can easily apply for an emergency India visa for US citizens within 5 to 10 minutes. You can find more info about visa via on our india visa page.

    ОтветитьУдалить
  50. Hihihi9 мая 2022 г. в 01:47

    슬롯커뮤니티

    ОтветитьУдалить
  51. Fore Security11 мая 2022 г. в 02:55

    Installing a clear and visible intruder alarm system will protect your business by providing an obvious deterrent to prevent criminal activity on your premises. intruder alarm system uk

    ОтветитьУдалить
  52. Snozone UK11 мая 2022 г. в 08:57

    Our meeting rooms are available to hire with a number of different packages, incorporating quality catering produced by our team in the Alpine Kitchen. Capacities range from 5 through to over 200 people and, for larger events, the entire Snozone venue can be exclusively yours for up to 800 delegates! Meeting Rooms Milton Keynes

    ОтветитьУдалить
  53. Venue Pro11 мая 2022 г. в 09:29

    Этот комментарий был удален автором.

    ОтветитьУдалить
  54. Venue Pro11 мая 2022 г. в 09:33

    Create task lists and workflows, assign tasks to team members and monitor all actions. Actionable check list items can be assigned to the concerned person or department and team leads can see the tasks assigned by them and the current progress. venue workflow management

    ОтветитьУдалить
  55. Hehehe23 мая 2022 г. в 23:08

    oncasino

    ОтветитьУдалить
  56. Maradona Jons30 мая 2022 г. в 02:36

    Этот комментарий был удален автором.

    ОтветитьУдалить
  57. Nikkitr Godman4 июня 2022 г. в 23:04

    I loved the way you started this blog and even more enjoyed it when you continued writing in the same pattern…I loved every detail of this post!! Many people ask , What is the Turkey visa? '' Turkish visa or e visa Turkey is an official travel permit granting entry into Turkey, issued by the Turkish government to foreign travelers from around the world. Travelers can apply for this Turkey e visa completely online and even pay the visa fee online.

    ОтветитьУдалить

Подписаться на: Комментарии к сообщению (Atom)