Nutch vulnerabilities


Nutch vulnerabilities

lumavanossi
Hi,

 Is there any vulnerability in the use of Nutch that could leave a server vulnerable?

 Can the use of Tomcat, for example, on port 8080 leave the server vulnerable?

 Is there a way to make the server secure?

Thanks,
Marco

Re: Nutch vulnerabilities

Michael Ji
No particular vulnerability higher than in the case of you
running a web server, if I am not wrong;

Tomcat is the same as a web server except JSP is its core
engine;

Michael Ji,

--- lumavanossi <[hidden email]> wrote:

> Hi,
>
>  Is there any vulnerability in the use of Nutch that
> could leave a server vulnerable?
>
>  Can the use of Tomcat, for example, on port 8080
> leave the server vulnerable?
>
>  Is there a way to make the server secure?
>
> Thanks,
> Marco
>



Re: Nutch vulnerabilities

Paul E. Baclace
Michael Ji wrote:
> No particular vulnerability higher than in the case of you
> running a web server, if I am not wrong;
>
> Tomcat is the same as a web server except JSP is its core
> engine;

I would suggest following any instructions that Tomcat has
for locking it down.  For instance, there is a conf setting
(the default servlet setup in conf/web.xml) to disallow
reading directories when a welcome page (index.html,
index.jsp, etc.) is not present.  v5.5 comes with the manager
webapp disabled and the admin webapp uninstalled.  (I'm not
sure whether this practice started with v5.0)

The invoker servlet should be disabled (conf/web.xml) too.

I have not seen any discussion about the dumbo passwords in the
tomcat-users.xml in the default install for user tomcat and
role1.  Just in case, my practice is to change those default
passwds.  (These might be for examples.)

Paul
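
The checks suggested in the reply above can be scripted. The following is an added example, not part of the original thread and not Tomcat or Nutch code: it audits a conf/web.xml for an explicit `listings` = `true` on the default servlet and for a declared invoker servlet, and a tomcat-users.xml for the `tomcat` and `role1` accounts. The function names and the embedded XML samples (including the passwords) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs for illustration; not copied from a real install.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>listings</param-name><param-value>true</param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>invoker</servlet-name>
    <servlet-class>org.apache.catalina.servlets.InvokerServlet</servlet-class>
  </servlet>
</web-app>"""
SAMPLE_USERS_XML = """<tomcat-users>
  <user username="tomcat" password="constructed-1" roles="tomcat"/>
  <user username="role1" password="constructed-2" roles="role1"/>
  <user username="ops" password="constructed-3" roles="manager"/>
</tomcat-users>"""

def _local(tag):
    # Drop any '{namespace}' prefix so the checks work with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def _child_text(el, name):
    return next(((c.text or "").strip() for c in el if _local(c.tag) == name), "")

def audit_web_xml(xml_text):
    """Return findings for the two conf/web.xml settings named in the post."""
    findings = []
    for servlet in (e for e in ET.fromstring(xml_text) if _local(e.tag) == "servlet"):
        cls = _child_text(servlet, "servlet-class")
        params = {_child_text(p, "param-name"): _child_text(p, "param-value")
                  for p in servlet if _local(p.tag) == "init-param"}
        # Only an explicit listings=true is flagged; an absent param is not judged.
        if cls.endswith(".DefaultServlet") and params.get("listings", "").lower() == "true":
            findings.append("directory listings enabled on default servlet")
        # A servlet commented out in the XML is not parsed, so it is not flagged.
        if cls.endswith(".InvokerServlet"):
            findings.append("invoker servlet is declared")
    return findings

def audit_users_xml(xml_text, example_names=("tomcat", "role1")):
    """Return the example account names (the two named in the post) still present."""
    users = [u.get("username") for u in ET.fromstring(xml_text).iter() if _local(u.tag) == "user"]
    return sorted(n for n in users if n in example_names)

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML), audit_users_xml(SAMPLE_USERS_XML))
```

Pass the contents of the real conf/web.xml and conf/tomcat-users.xml to the two functions to audit an installation; an empty result from each means none of these three conditions was found.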