Tomcat needs Reinstall after scan

It seems that after we scan several Tomcat servers with Greenbone, we need to reinstall Tomcat.

So this has happened several times now and the common factor was that that week we had run a vulnerability scan from a Kali distro.

We restart Tomcat to leave the system in a clean state after the scan … but Tomcat then freezes.

The apps do upload - we can see the logs and some even open ports.

But Apache cannot talk to Tomcat. http://localhost:8080 shows nothing … frozen.
Various telnet on the various ports - connections open … port is listening … but they are all frozen.

In fact nothing but a clean reinstall will work.

Has anyone had such an experience?

Tomcat requires a shared secret for Apache to connect … so I would assume Greenbone will not be able to connect to Tomcat easily. But it does seem to render any Tomcat installation dead.

Any help appreciated.

The only thing I can think of is to start to break up the VTs being run (which scan config are you running?) against the target into segments until you can narrow down which VT is causing the problem. Divide and conquer, or start with the most suspicious VTs first? Do you have safe checks enabled? Are you including DOS attacks?

I guess that after identifying the specific VT that is causing the issue, you would assess the .nasl script to determine how the VT interacts with the Tomcat server. Can you debug Tomcat while running that VT?

Reinstalling does not solve your issue; you need to find out (WHAT) exactly happens. Try to run an extensive log and check (WHY) your Tomcat does not come up. Maybe you have a serious issue with your installation; not only GVM might interrupt your Tomcat, but any other attacker can as well.

Tools like tcpdump and strace are your friends for finding out what exactly happens. If you find these details you can see WHY your Tomcat freezes … and then it is possible to detect the DoS and why your installation breaks.

2 Likes
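Added example, not part of the thread: a small health probe that tells "port accepts the connection but never answers" (the frozen state described in the question) apart from a closed or responding port, plus a loop that runs it after each scan subset to support the divide-and-conquer suggestion. `run_batch` is a hypothetical callback for however you launch one subset of VTs, and `demo_listener` is a constructed local stand-in for a connector so the code runs offline.

```python
import socket
import threading

def probe_http(host, port, timeout=2.0):
    """Return 'unreachable', 'hung', 'no-reply', 'unexpected' or 'responding'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"      # refused, filtered, or nothing listening
    with sock:
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = sock.recv(64)
        except socket.timeout:
            return "hung"         # port accepts the connection but never answers
        except OSError:
            return "no-reply"     # connection reset while waiting
    if not data:
        return "no-reply"         # peer closed without sending anything
    return "responding" if data.startswith(b"HTTP/") else "unexpected"

def first_bad_batch(batches, run_batch, probe):
    """Run batches in order; return (batch, state) for the first one that breaks the service."""
    for batch in batches:
        run_batch(batch)          # hypothetical callback that runs one scan subset
        state = probe()
        if state != "responding":
            return batch, state
    return None, "responding"

def demo_listener(reply):
    """Constructed local stand-in for a connector; reply=None accepts and stays silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []                     # keep silent connections open so the client sees a hang
    def serve():
        while True:
            conn, _ = srv.accept()
            if reply is None:
                held.append(conn)
            else:
                conn.recv(1024)
                conn.sendall(reply)
                conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_http("127.0.0.1", demo_listener(None), timeout=1.0))
```

Recording the timestamp at which the state first changes to `hung` gives a window to line up against the Tomcat logs and any tcpdump or strace capture taken during the scan.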