Thanks Jakel for the link and thanks Shawn for the reply and some insights.

I did scan some of my application logs and can see some kind of XSS attacks
originating from China/Russia. Most of them were targeted to the database.
Tried to reproduce many of them, they don't yield anything.

I have not yet figured out how they have gained entry to the system. I will
spend some time this weekend to patch things up and see if I can
investigate this further.



On Thu, May 17, 2018 at 3:11 AM, Jäkel, Guido <g.jae...@dnb.de> wrote:

> Dear Kiran,
>
> there might be many other ways to compromise your server. But I wonder
> about the application you run on your Tomcat and if you know about the
> widely used exploit in the Java JSF library "Primefaces" (see
> https://www.exploit-db.com/exploits/43733/).
>
> With greetings
>
> Guido
>
> >-----Original Message-----
> >From: Kiran Badi [mailto:ki...@poonam.org]
> >Sent: Wednesday, May 16, 2018 7:13 PM
> >To: Tomcat Users List <users@tomcat.apache.org>
> >Subject: Re: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory issue .Please mask if
> >
> >Yes tomcat is not starting up. I am also suspecting that EC2 instance was
> >probably compromised. Not sure how, but I see some rogue programs were
> >running under tomcat user. I use putty with private keys to log in and those
> >keys are not in public view for sure.
> >
>
