Re: CsrfPreventionFilter for REST

2012-09-25 Thread Violeta Georgieva
Hi, Did you have a chance to check the issue and the proposal? Can I provide more information in order to make them clearer? Thanks a lot. Violeta 2012/9/21 Violeta Georgieva > Hello, > > *Background information:* > > We are trying to protect our RESTful > APIs

RE: Setting JVM Parameters in Windows Service for Tomcat7

2012-09-25 Thread Jeffrey Janner
> -Original Message- > From: Matthias Müller [mailto:mm4...@googlemail.com] > Sent: Thursday, September 20, 2012 2:02 PM > To: Tomcat Users List > Subject: Re: Setting JVM Parameters in Windows Service for Tomcat7 > > Hi, > > >Environment variables are irrelevant when running services. Th

Re: Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693

2012-09-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ragini, On 9/25/12 9:59 AM, Ragini wrote: > On 09/25/2012 03:42 PM, Mark Thomas wrote: >> On 9/25/12 7:15 AM, Ragini wrote: >>> 1) I insert code to create a directory in the user's home directory >>> in one of the Java classes of my web application. 2) I de

Re: Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693

2012-09-25 Thread Ragini
On 09/25/2012 03:42 PM, Mark Thomas wrote: On 25/09/2012 12:15, Ragini wrote: Hi, I want to try to exploit the Tomcat vulnerability CVE-2009-2693. The site says that the affected versions are from 6.0.0 to 6.0.20. I could not find any of these on the official Apache Tomcat website. I want to do some

Re: AuthenticatorBase setChangeSessionIdOnAuthentication without cookies

2012-09-25 Thread Brian Burch
On 24/09/12 19:50, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/23/12 5:46 AM, Brian Burch wrote: However, in the case where the client is not using cookies (my test disables them for its Context), there does not appear to be a way for the server to comm

Re: Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693

2012-09-25 Thread Mark Thomas
On 25/09/2012 12:15, Ragini wrote: > Hi, > > I want to try to exploit the Tomcat vulnerability CVE-2009-2693. The site > says that the affected versions are from 6.0.0 to 6.0.20. I could not > find any of these on the official Apache Tomcat website. I want to do some > tests on those vulnerable versions.

Re: Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693

2012-09-25 Thread Daniel Mikusa
On Sep 25, 2012, at 7:15 AM, Ragini wrote: > Hi, > > I want to try to exploit the Tomcat vulnerability CVE-2009-2693. The site > says that the affected versions are from 6.0.0 to 6.0.20. I could not find any > of these on the official Apache Tomcat website. I want to do some tests on those > vulnerab

Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693

2012-09-25 Thread Ragini
Hi, I want to try to exploit the Tomcat vulnerability CVE-2009-2693. The site says that the affected versions are from 6.0.0 to 6.0.20. I could not find any of these on the official Apache Tomcat website. I want to do some tests on those vulnerable versions. *Could you please guide me from where I

Re: running auth-methods DIGEST + BASIC in parallel

2012-09-25 Thread manuel aldana
On 09/24/2012 08:45 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Manuel, On 9/24/12 2:00 PM, manuel aldana wrote: On 24.09.12 18:51, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Manuel, 2. Write a custom Authenticator Valve If y