RE: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat

2009-09-09 Thread Tadelkar, Gauravsagar (Gaurav)
Thanks for the reply, Mark. If possible, can you please point to any references/docs which would help me convince others about the directory traversal vulnerability not impacting a standalone tomcat? Even an explanation would help. I personally do agree that upgrading the tomcat is surely t

RE: Need Help - Mod_jk/Apache - Mutiple Content issue

2009-09-09 Thread balakarthik.baskaran
Hi Rainer, I did try with the recovery_option as 7 and I was able to see a partial content being sent even in that case. Also, this configuration is what we tried in prod as well (we removed socket_timeout, had reply_timeout to 3 mins and recovery_options to 7). But still multiple content was seen. So,h

Re: tomcat-users.xml and manager role

2009-09-09 Thread Bruce Nourish
Yup, looks like I'm just retarded. Thanks. On Wed, Sep 9, 2009 at 12:02 PM, Caldarale, Charles R wrote: >> From: bruce.nour...@gmail.com [mailto:bruce.nour...@gmail.com] >> On Behalf Of Bruce Nourish >> Subject: tomcat-users.xml and manager role >> >> >> > > A common error is to forget to remove

RE: bypassing a servlet mapping to /*

2009-09-09 Thread Caldarale, Charles R
> From: Leon Rosenberg [mailto:rosenberg.l...@googlemail.com] > Subject: bypassing a servlet mapping to /* > > /net/java/dev/moskito/webui/jsp/Producers.jsp > now the request is processed by the servlet engine and is grabbed by > the spring dispatcher with an error: You can always put the complete

RE: tomcat-users.xml and manager role

2009-09-09 Thread Caldarale, Charles R
> From: bruce.nour...@gmail.com [mailto:bruce.nour...@gmail.com] > On Behalf Of Bruce Nourish > Subject: tomcat-users.xml and manager role > > > A common error is to forget to remove the comment characters from around the and elements. Post your entire tomcat-users.xml so we can look at it

Re: Need Help - Mod_jk/Apache - Mutiple Content issue

2009-09-09 Thread Rainer Jung
On 09.09.2009 16:11, balakarthik.baska...@wipro.com wrote: > Thanks for your reply. I am able to simulate the problem with 1.2.28 as > well. This is the mod_jk version that I used in my local setup. Our prod > version has 1.2.27. So regardless of the version, the issue is seen. OK > Pfa the detailed

bypassing a servlet mapping to /*

2009-09-09 Thread Leon Rosenberg
Hi, I have an ugly situation. I have to inject some code of mine into an existing spring mvc webapp. The code is a filter which reacts on some urls and forwards to a jsp for presentation. The application has a spring dispatcher servlet foo which is mapped to /*. My problem is following: my filter

Re: very high CPU and load...

2009-09-09 Thread Rainer Jung
On 09.09.2009 19:44, keeplearning wrote: > > I have apache 2.2.3. Not sure how to find the tomcat version. We use > mod_proxy_ajp connector. During the test, I see high CPU usage and load on > both appservers. So, I don't think it's the issue of everything going to one > appserver. > > With what

Re: very high CPU and load...

2009-09-09 Thread keeplearning
I have apache 2.2.3. Not sure how to find the tomcat version. We use mod_proxy_ajp connector. During the test, I see high CPU usage and load on both appservers. So, I don't think it's the issue of everything going to one appserver. With what I read around, increasing maxClients does not help much

Re: tomcat-users.xml and manager role

2009-09-09 Thread Tim Funk
This worked fine for me conf/tomcat-users.xml - make sure this is the full XML file: (and then restart tomcat) -Tim Bruce Nourish wrote: Hi, I have a 6.0.20 Tomcat binary distribution downloaded and untarred directly from the Tomcat site. My system is Ubuntu 8.04 with Java version 1.5.0

tomcat-users.xml and manager role

2009-09-09 Thread Bruce Nourish
Hi, I have a 6.0.20 Tomcat binary distribution downloaded and untarred directly from the Tomcat site. My system is Ubuntu 8.04 with Java version 1.5.0_16. When I configure the manager role precisely as directed in the 401 Error message: I am still unable to access the manager -- the basic auth

Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread Ziggy
On 9/8/09, Peter Crowther wrote: > 2009/9/8 David Uctaa > >> I have inherited a Tomcat 5.5 installation running on Windows XP. There >> are >> processes on this box which do server-to-server connections with a third >> party via HTTPS over SSL. We have installed the third party's SSL >> certifi

Re: Database Connection Pooling initialization with dbcp

2009-09-09 Thread Ziggy
I'm not an expert on this but I thought that the pool will cache connections that you have created. Maybe someone can clarify this. Have a look at this http://onjava.com/pub/a/onjava/2006/04/19/database-connection-pooling-with-tomcat.html?page=2 On Wed, Sep 9, 2009 at 9:01 AM, Chris Wiley wrot

Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread David Uctaa
Gee thanks, I didn't think to Google answers first, that suggestion was very helpful. I actually did Google it and read the threads that came up under such searches. There were very few threads, and most of them were completely unanswered. Those that were answered did not pertain to my circumsta

Database Connection Pooling initialization with dbcp

2009-09-09 Thread Chris Wiley
Hello, I have a web app I have developed under Tomcat 6.0.18 and have added in the dbcp system. As it stands now, it wants to make connections only after the first request to the app. I want the dbcp system to initialize x number of connections on app/server startup. I know if I want to initializ

Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread Serge Fonville
Hi, > keytool error: java.lang.Exception: Public keys in reply and keystore don't > match http://lmgtfy.com/?q=Public+keys+in+reply+and+keystore+don%27t+match&l=1 Start with that, read the thread and maybe it helps HTH Regards, Serge Fonville On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa wrot

Re: How to install an updated third party SSL certificate for B2B transactions

2009-09-09 Thread David Uctaa
I believe all I need to do is import the new certificate into the keystore. The certificate from our trading partner appears to be getting used for verifying data which has been signed by them and sent to us. So I execute the following statement to try to import the new certificate: keytool -impo

Re: very high CPU and load...

2009-09-09 Thread Tim Funk
At this point, no one on the list will have a clue since we don't know 1) apache version 2) tomcat version 3) type of connector used, mod_proxy_ajp, mod_jk, or mod_proxy_http But if tomcat is saying All threads (250) are currently busy, waiting. - that means it is only configured to handle 250 w

Re: very high CPU and load...

2009-09-09 Thread Peter Crowther
2009/9/9 keeplearning > With what you said, shouldn't 2 tomcat servers handle 500 connections (250 > *2)? > Your two httpds may not load-balance perfectly - so it's quite possible that both will direct traffic to the same Tomcat server. So, that one Tomcat server may have to handle all the traf

Re: very high CPU and load...

2009-09-09 Thread keeplearning
Where do I see # of apache workers and tomcat workers in the config file? With what you said, shouldn't 2 tomcat servers handle 500 connections (250 *2)? Thanks a lot Prakash funkman wrote: > > you have a config issue. I bet you have 250 apache workers (per server) > and 250 tomcat workers(

re: catalina error file

2009-09-09 Thread mateo-jl
Hello, sorry for the "circular file" expression; it meant "log rotation". Thank you Martin, Chuck for your answers. jlm > Message of 08/09/09 15:04 > From: "mateo-jl" > To: "Tomcat List" > Cc: > Subject: catalina error file > > Hello, > > I would like to have a circular catalina er

Re: how to unwrap a Request from RequestFacade

2009-09-09 Thread Muthu . Chandir
So are you saying that I can't get what I want using TC 5.5? Is upgrading to TC 6 the only option? Thanks -- Muthu From: "Bill Barker" To: users@tomcat.apache.org Date: 09/04/2009 11:44 PM Subject: Re: how to unwrap a Request from RequestFacade Sent

Re: apache modjk issue

2009-09-09 Thread sandeepkumarnimma
sandeepkumarnimma wrote: > > On 08.09.2009 17:48, sandeepkumarnimma wrote: >>If status 500 is logged in your webapp log file, then you have to >>discuss it with your webapp developers. > >>Your configuration is too basic for production use. > >>Read about timeouts on > >>http://tomcat.apache.o

Re: Need Help - Mod_jk/Apache - Mutiple Content issue

2009-09-09 Thread Rainer Jung
Hi, On 09.09.2009 06:56, balakarthik.baska...@wipro.com wrote: > Hi, > In our production envt, we are making use of a configuration of > Apache(2.2.10-1)+Mod_jk(1.2.27)+JBOSS(4.0.5)+ATG 2007.1. > > We are facing a problem where multiple content is being displayed to the > customer. It was observed

Re: very high CPU and load...

2009-09-09 Thread Tim Funk
you have a config issue. I bet you have 250 apache workers (per server) and 250 tomcat workers (per server). But there are 500 apache workers (250 * 2). So in the worst case - you need tomcat to handle 500 connections. -Tim keeplearning wrote: I am running a load test with 2 web (apache) and

Survey Results: Tomcat users spend ~145 hours redeploying annually, considered one of fastest containers

2009-09-09 Thread David Booth
Info for Tomcat users: Compared to other containers out there, the Tomcat web container is one of the fastest when it comes to startup and redeploy times. In a survey conducted over the summer ( http://www.zeroturnaround.com/blog/java-ee-container-heaven-hell-survey-results/), Tomcat users estimat

Re: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat

2009-09-09 Thread Mark Thomas
Tadelkar, Gauravsagar (Gaurav) wrote: > I have a tomcat at version 5.5.15 in a standalone mode and due to some > compulsions cannot upgrade it. Does the directory traversal > vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does > not have a fix to this vulnerability)? No it doesn'

Re: Typo on http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html ?

2009-09-09 Thread Mark Thomas
Markus Fischer wrote: > Hi think there's a typo at > http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html . > > If you search for "ROOR" you will find: > > Note that the default or ROOT context for ren would be deployed as > $CATALINA_HOME/renapps/ROOT.war (WAR) or $CATALINA_HOME/re

Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat

2009-09-09 Thread Tadelkar, Gauravsagar (Gaurav)
I have a tomcat at version 5.5.15 in a standalone mode and due to some compulsions cannot upgrade it. Does the directory traversal vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does not have a fix to this vulnerability)? Alternately, is there a way I can secure/work around this