Bad Apple
Friday 12th March, 2010 12:59
I'm surprised I haven't used that title sooner. I suspect a lot of other people have. Anyway, here's why Apple's bad:
Firstly, it's bad security practice to return default error pages, especially ones that leak version information such as Tomcat 5.5.17.
Secondly, 5.5.17 is hideously old (1st December 2005). The latest version is 5.5.28 (that came out 19th June 2009). There are a number of security issues (look for CVEs in the changelog!) with older versions, although they mostly affect parts of Tomcat you can't normally access. There are also probably several performance issues with older versions.
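A check you can run over your own servers' responses for the leak described above, as an added example that is not part of the original post. It flags the `Apache Tomcat/x.y.z` banner that the default error page prints and compares it with the 5.5.28 release mentioned above. The sample response and all function names are constructed for illustration.

```python
import re

# Banner string printed in the title and footer of Tomcat's default error page.
BANNER = re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+)")


def parse_version(text):
    """Turn '5.5.17' into (5, 5, 17) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit_response(headers, body, baseline="5.5.28"):
    """Report every distinct Tomcat version banner in one HTTP response.

    'outdated' is True/False when the banner is on the same major.minor
    branch as the baseline, and None when the branches differ.
    """
    base = parse_version(baseline)
    findings, seen = [], set()
    sources = [("body", body)]
    sources += [("header " + name, value) for name, value in headers.items()]
    for where, text in sources:
        for match in BANNER.finditer(text):
            version = match.group(1)
            if (where, version) in seen:
                continue  # the default page repeats the banner; report it once
            seen.add((where, version))
            found = parse_version(version)
            outdated = found < base if found[:2] == base[:2] else None
            findings.append({"where": where, "version": version, "outdated": outdated})
    return findings


# Constructed sample: the shape of a default Tomcat 404 page, not a capture.
SAMPLE_HEADERS = {"Server": "Apache-Coyote/1.1", "Content-Type": "text/html;charset=utf-8"}
SAMPLE_BODY = (
    "<html><head><title>Apache Tomcat/5.5.17 - Error report</title></head>"
    "<body><h1>HTTP Status 404 - /missing</h1><hr/>"
    "<h3>Apache Tomcat/5.5.17</h3></body></html>"
)
# Constructed sample: a custom error page that reveals nothing about the server.
CUSTOM_BODY = "<html><body><h1>Page not found</h1></body></html>"

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
    print(audit_response({}, CUSTOM_BODY))
```
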
PS This is what I was trying to reach, but SANS ISC had a broken link. Interestingly, if I follow the broken link again I must hit a differently configured load balanced server or something like that as I now see this:
Does that mean they have poor build standards too? I'm now getting:
Maybe I caught them at a bad time?