Wednesday, April 29, 2015

How to detecting PHP-CGI vulnerabilities (CVE-2012-1823)?

System Environment

ZenMap: 6.47
PHP version: 5.3.3
Redhat 2.6
[IP ADDRESS]: The server IP address

Verify the PHP-CGI vulnerabilities

1. In order to find and detect any PHP-CGI vulnerabilities, download ZenMap scanner from https://nmap.org/download.html.

2. Type in the command as described below in the ZenMap scanner.

nmap -p 80 --script http-vuln-cve2012-1823 [IP ADDRESS]

3. Or type in the command as described below in the ZenMap scanner.

nmap -p 80 --script http-vuln-cve2012-1823 --script-args uri=/login.php IP [IP ADDRESS]

4. Click on "Scan" button, the scanning process will start. If no vulnerabilities found, no error message will be displayed.



5. If vulnerabilities is found, "Vulnerabilities" warning message will be displayed

Investigation

For Redhat version 2.6, “CVE-2012-1823 - Apache / PHP5.x Remote Code Execution Exploit” vulnerability has been patched in Redhat security patch “RHSA-2012:0546-1”

In order to confirm that the Linux server has been patched properly, run the command below to check

yum list installed > /tmp/yum-list.txt



Tuesday, April 7, 2015

How to enable garbage collection in Tomcat?

System Environment

Tomcat version: 7.0.40
Redhat: 2.6
gcviewer: 1.35
[TOMCAT_HOME]: Tomcat home directory
[SERVICE_NAME]: Tomcat service name

Configuration (Linux)

The garbage collection in Tomcat can be enabled through the steps as listed below:

1. Look for "setenv.sh" file at "[TOMCAT_HOME]\bin" directory.
2. Add in the entries below to "setenv.sh".

CATALINA_OPTS="-XX:+PrintGCDetails -XX:+PrintGCApplicationStoppedTime -XX:+PrintGCApplicationConcurrentTime -XX:+PrintHeapAtGC -Xloggc:[TOMCAT_HOME]/logs/gc.log"

3. Restart the Tomcat instance, check the [TOMCAT_HOME]/logs directory, gc.log file is generated.

Open and observe the garbage collection log

1. Browse to "http://sourceforge.net/projects/gcviewer/files/" to download gcviewer.
2. Open the garbage collection log file. You will be able to analyze garbage collection log and the memory usage by Tomcat.


Configuration (Window)

Assume the Tomcat service has been configured, you can run the command below in [TOMCAT_HOME]\bin to install service name
service install [SERVICE_NAME]

1. Double click "tomcat7w.exe" located at  [TOMCAT_HOME]\bin directory, the screen as shown below will be displayed. Select "Java" tab.


2. Append the text below to "Java Options" textbox
-XX:+PrintGCTimeStamps
-XX:+PrintGCDetails
-XX:+PrintGCApplicationStoppedTime
-XX:+PrintGCApplicationConcurrentTime
-XX:+PrintHeapAtGC
-Xloggc:[TOMCAT_HOME]\logs\gc.log

3. The log file will be generated at [TOMCAT_HOME]\logs folder

4. Open log file with gcviewer, the memory usage will be displayed as shown in the screen below