Mitel Forums - The Unofficial Source
Mitel Forums => Mitel MiVoice Business/MCD/3300 => Topic started by: pakman on July 02, 2013, 11:05:08 AM
-
does anyone know what this file is or does? When I try to accesss this I get the following.
access to the specified resource has been forbidden
apache tomcat 5.5.25
thanks,
-
Can you please provide some steps to reproduce this issue?
-
Yes,
If you type in the IP address of one of your PBX's and the subject you will get the error.
http://x.x.x.x/web-inf./cmdasp.asp
Thanks,
-
I've got the same error. Why do you want to access this file?
HTTP Status 403 -
--------------------------------------------------------------------------------
type Status report
message
description Access to the specified resource () has been forbidden.
--------------------------------------------------------------------------------
Apache Tomcat/5.5.25
-
I am looking into different ways folks could leverage the system to hack in...and I am trying to find out if this is a valid file and has it been modified recently or if there's been passwords put on this file since it Say's forbidden that tips me off about a password and the fact it has cmdasp on it makes me worry a little bit.
-
Did you FTP into the controller and grab the file and take a look at it?
I have not heard of one instance of a 3300 being hacked directly, the VM is another story, but never the web interface unless someone knew the password, or it was default.