Timothy Wonil Lee wrote:
> I am especially interested in those two session hijacking vulnerability
> fixes. Are they included in 5.5.25?
Yes.
> Second question is: if they are fixed in 5.5.25, is it possible to just drop
> in the Jar files (catalina.jar?) to the current production Tomcat server/li
I have two questions regarding security fixes included in 5.5.25
On changelog page (http://tomcat.apache.org/tomcat-5.5-doc/changelog.html),
two security fixes are included: Fix XSS security vulnerability
(CVE-2007-2450) and Fix XSS security vulnerabilities (CVE-2007-2449)
But on Security Reports
Hi,
I have a bunch of tomcat servers in a clustered configuration, and
currently we use a syslog-ng for aggregating the log files off these hosts.
I was wondering whether it was possible to cause tomcat to syslog its
start, stop, restart, reload actions to syslog, maybe using log4j?
It wou
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Subject: RE: Connection pooling, is it the right way to do it?
>
> I'm using Tomcat 5.5.9.
Which is nearly 2.5 years old. Anytime you utilize invalid parameters,
you run the risk of encountering undefined behavior in any level of the
softwar
Here,
using container security, as such we do not provide for a "logout"
option. We see no need for a logout as there is no reason for our user
to change identity :) If you keep a session after logout, the risk that
might occur is that some datas that are to be considered "confidential"
remai
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Subject: RE: Connection pooling, is it the right way to do it?
> >
> > Ok, once remove those 2 attributes, the rest is fine and good
> > to be used?
>
> Probably, but you'll have to try it. You never did mention what version
> of Tomcat you
[EMAIL PROTECTED] wrote:
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
It didn't work. I got a 500 later in my code. Here's what I did:
if(detail.size() > 0)
{
dbutil = new DBUtil(getServletConfig().getInitParameter(Constants
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
OK. My fault. This works:
else
{
response.sendError(404, "");
return;
}
Now when I look in my http server log I see a status of 404 with the original
URL.
Thanks for your help.
In Response To
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
It didn't work. I got a 500 later in my code. Here's what I did:
if(detail.size() > 0)
{
dbutil = new
DBUtil(getServletConfig().getInitParameter(Constants.JNDI_NAME));
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
Thanks very much. I will try that.
In Response To:
[EMAIL PROTECTED] wrote:
> See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf
> of a User
>
> I have a J2EE application residin
[EMAIL PROTECTED] wrote:
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
I have a J2EE application residing on Tomcat. The pages are dynamically
generated. If a use enters an invalid request I redirect him to a generic error
page (which isn't really an e
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Subject: RE: Connection pooling, is it the right way to do it?
>
> Ok, once remove those 2 attributes, the rest is fine and good
> to be used?
Probably, but you'll have to try it. You never did mention what version
of Tomcat you're using, a
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
Hi Martin,
My name's Jason. I am posting from a Tomcat Forum on a website. Sam must be the
admin person...? Anyway what's happening is that if a user request causes a
page request for a non-existent page we
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Subject: Re: Connection pooling, is it the right way to do it?
> >
> > So context.xml and web.xml are fine?
>
> Not quite - you definitely should remove the path and docBase
> attributes. They are not allowed when the element is in
> META-
Sam-
How is your custom error page being indexed?
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immedia
See Thread at: http://www.techienuggets.com/Detail?tx=12338 Posted on behalf of
a User
I have a J2EE application residing on Tomcat. The pages are dynamically
generated. If a use enters an invalid request I redirect him to a generic error
page (which isn't really an error page but just a jsp th
Today I noticed in my access log file, for the first time, what looks
like an attempt to exploit a security vulnerability in Tomcat. I've
seen thousands of attempted exploits against software that I'm not
even running (IIS, SQL Server, PHP) but this is the first one I've
seen directed at Tomcat spe
My apologies. I didn't know whether to send this to the user's list or the
developer's list, so I sent to both.
Best wishes,
--Dan Schwartz
"PTS" <[EMAIL PROTECTED]> wrote:
> Mark,
>
> Did he post to the dev list or another list as well? Just curious why this
> would be a cross post.
>
> Dou
Create a simple index.jsp and declare it as your welcome file in web.xml:
index.jsp
In this jsp, make use of a logic redirect to actually redirect to your
action through a global ActionForward:
<%@ taglib uri="http://struts.apache.org/tags-logic"; prefix="logic" %>
Then update your struts-co
> Now that was just plain unnecessary. Sure it was a lazy question, but
> you could always just delete it.
Sorry it was absolutly not my intention to send this mail to the list
I guess it was just an over-reaction caused by all those
over-spammed forum.java.sun.com forums :-/
lg Clemens
---
On 9/9/07, Miren Urkixo <[EMAIL PROTECTED]> wrote:
> And into the web.xml i have:
>
>
> /Index.do
>
I believe that should be "index.do" rather than "/index.do".
(And presumably not starting with an upper-case "I"...)
FWIW,
--
Hassan Schroeder [EMAIL PROTECTED]
---
Yes, first dev, second user.
PTS wrote:
Mark,
Did he post to the dev list or another list as well? Just curious why
this would be a cross post.
Doug
- Original Message - From: "Mark Thomas" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Sunday, September 09, 2007 10:14 AM
Subjec
hello
thanks for your answer.
When i call: http://localhost:8080/Index.do the aplic show me the page well,
the tomcat shows me the index page but if i call http://localhost:8080/ it
not shows me the page.
In my struts.config i have:
Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dt
Mark,
Did he post to the dev list or another list as well? Just curious why this
would be a cross post.
Doug
- Original Message -
From: "Mark Thomas" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Sunday, September 09, 2007 10:14 AM
Subject: Re: Corrupted archive file?
Please
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Subject: Re: Connection pooling, is it the right way to do it?
>
> So context.xml and web.xml are fine?
Not quite - you definitely should remove the path and docBase
attributes. They are not allowed when the element is in
META-INF/context.x
Please do not cross-post.
Mark
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hello,
The file
http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.17/bin/apache-tomcat-5.5.17.exe
appears to be corrupted. In fact it seems to be about half the size it
should be, as compared with other distributions of Tomcat.
Could you please check this and let me know?
I need this ve
> Hi.
>
> 1. Your docBase and path attributes are at best optional. As long as
> your context.xml is delivered in your webapp's META-INF folder, it
> should be used automagically.
>
So context.xml and web.xml are fine? And yes, both are dployed with the
application
> 2. I would trade the autoRec
Try creating an empty file named "Index.do" in "/".
Greetings, Lilianne E. Blaze
Miren Urkixo wrote:
> Hello
> I am trying to make one web aplication using struts into one tomcat
> 5.0.XX
> In my web.xml file i writte whic is my welcome file, one struts action
> (Index.do) but the tomcat doesn't
29 matches
Mail list logo
