"Sekar, Vasanth" wrote:
>
>> All evidence at the moment indicates that your JSP code is the most
>> likely suspect.
>Okay, I will scan through the logic in the code once again very
>closely.
A better idea would be to create the simplest possible JSP that reproduces the
issue and then show us
"Caldarale, Charles R" wrote:
>> From: a b [mailto:jruoh...@gmail.com] On Behalf Of Jukka Ruohonen
>> Subject: Re: Tomcat 6.0.18 Caching Question
>
>> I am not too keen to see every other question on this list
>> being turned into a question about upgrading.
>
>There are two significant reasons
lokesh borse schrieb:
>Hi,
>
>We are using Apache 2.2 installed on windows server 2008 Enterprise
>edition, 64 bit. I am extremely surprised that the log file mod_jk.log
>(Apache2.2/logs) is increasing so rapidly to 21 GB and I am having
>space
>issue due to the same.
>
>I did search on intern
> All evidence at the moment indicates that your JSP code is the most
likely suspect.
Okay, I will scan through the logic in the code once again very closely.
Like I said before the same code works fine in JRUN and also in Tomcat
for the first time. This problem occurs only in Tomcat upon subseque
Hi,
We are using Apache 2.2 installed on windows server 2008 Enterprise
edition, 64 bit. I am extremely surprised that the log file mod_jk.log
(Apache2.2/logs) is increasing so rapidly to 21 GB and I am having space
issue due to the same.
I did search on internet but could not find anything useful.
Test it yourself. Are you able to access a directory or file below the
level of the webapps directory, simply by using a specially crafted request?
*With our testing could not access any files/directory outside webapps
folder.*
Thanks & Regards,
Aditi
For example, if inside of your webapps directory, you had symbolic links
leading elsewhere (but I don't think that under Windows this works).
*Inside webapps directory, we do not have any symbolic links.*
In your normal setup, is there any front-end system in front of Tomcat, or
do clients
alwa
>> *Whether someone can get access to any file/directory outside the tomcat
>> webapps folder using "Style 1 (using ..\ equivalent in the URL itself)
>> Directory traversal attack (scoped to Tomcat) on Windows".*
Have you tried this?
How does Tomcat respond?
I tried to access some files outsid
> From: Sekar, Vasanth [mailto:vasanth.se...@supervalu.com]
> Subject: RE: Tomcat 6.0.18 Caching Question
> I am trying to disable the caching under work/catalina -> _jsp.java &
> _jsp.class by doing the following
That's not "caching"; that's where the translated and then compiled JSP are
place
> From: a b [mailto:jruoh...@gmail.com] On Behalf Of Jukka Ruohonen
> Subject: Re: Tomcat 6.0.18 Caching Question
> I am not too keen to see every other question on this list
> being turned into a question about upgrading.
There are two significant reasons for sites to stay up to date on server
On Thu, Nov 22, 2012 at 04:49:42PM +, Pid wrote:
> > Have you read the security vulnerability pages?
>
> Maybe he's emailing us from the year 2008.
Maybe. That said, I am not too keen to see every other question on this list
being turned into a question about upgrading. Most of the questions
Dears,
My PC environment is Windows XP Professional Version 2002 Service Pack 3,
JDK1.6, Tomcat7.0.30.
My Java web project is an internet online chat-room based on websocket. I run
the local-host service in Tomcat and then connect my chat-room in chrome,
if the connection between server and br
Hi,
I tried to use the Apache Tomcat Native Library 1.1.24 using APR version
1.4.6 with my Tomcat 7.0.32 server but after installing it
I cannot connect over ipv4.
Using Tomcat with the Native Library on Fedora 14 everything starts up fine.
However a telnet 127.0.0.1 80 gives a 'Connection ref
I am trying to disable the caching under work/catalina -> _jsp.java &
_jsp.class by doing the following
In context added the following cachingAllowed = false parameter
Deleted the work/catalina cache and restarted the tomcat server. Tried
to access the app and _jsp.java & _jsp.class showed up ag
Sekar, Vasanth wrote:
I very well understand the point everyone is trying to make here. But,
unfortunately I have to go with the approved version within our environment. I
believe there were also talks about 7.0.26 but it will be quite some time
before they pilot everything and approve the
I very well understand the point everyone is trying to make here. But,
unfortunately I have to go with the approved version within our environment. I
believe there were also talks about 7.0.26 but it will be quite some time
before they pilot everything and approve the version for Prod usage :
On 22/11/2012 16:29, Mark Thomas wrote:
> On 22/11/2012 15:39, Sekar, Vasanth wrote:
>> That's the standard version that we have inside our environment for Prod
>> move at this point.
>> Tomcat 7.0.8 build is underway but not in our Prod environment yet. So, for
>> now
>> I have to use the curren
> From: Sekar, Vasanth [mailto:vasanth.se...@supervalu.com]
> Subject: RE: Tomcat 6.0.18 Caching Question
> That's the standard version that we have inside our environment for
> Prod move at this point.
Your upgrade strategy is very seriously flawed.
> Tomcat 7.0.8 build is underway but not in
On 22/11/2012 09:52, Aditi Sinha wrote:
> Hi Andre,
>
> Agree with your points.
>
> Just wanted to know more about “Directory Traversal Attack".
> Can it lead to access of directories outside Tomcat/webapps folder also
For the last time, this is in all probability a false positive due to a
crap
Aditi Sinha wrote:
Thanks Guys.
As per my reading of the suggested material and looking at the logs that
Andre has shared, I think there are two ways in which the directory
traversal attack could be made.
1. By having ..\ equivalents in the URL itself
2. By having ..\ equivalents in the request
On 22/11/2012 15:39, Sekar, Vasanth wrote:
> That's the standard version that we have inside our environment for Prod move
> at this point.
> Tomcat 7.0.8 build is underway but not in our Prod environment yet. So, for
> now
> I have to use the current standard version and hence using this particu
Hi,
Please see my inline comments.
Thank you,
Regards,
Vasanth Sekar
-Original Message-
From: Pid * [mailto:p...@pidster.com]
Sent: Thursday, November 22, 2012 1:28 AM
To: Tomcat Users List
Subject: Re: Tomcat 6.0.18 Caching Question
On 22 Nov 2012, at 07:15, "Sekar, Vasanth" wrote:
Andrew,
Your answer in the third part is what I wanted confirmation on.
Thanks for the help and detailed answer,
Kent
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Thursday, November 22, 2012 3:06 AM
To: Tomcat Users List
Subject: Re: Running two dif
On 22/11/2012 15:11, David Kerber wrote:
> On 11/22/2012 8:35 AM, Aditi Sinha wrote:
>> Thanks Guys.
>>
>> As per my reading of the suggested material and looking at the logs that
>> Andre has shared, I think there are two ways in which the directory
>> traversal attack could be made.
>>
>> 1. By h
On 11/22/2012 8:35 AM, Aditi Sinha wrote:
Thanks Guys.
As per my reading of the suggested material and looking at the logs that
Andre has shared, I think there are two ways in which the directory
traversal attack could be made.
1. By having ..\ equivalents in the URL itself
2. By having ..\ equ
> From: Pankaj Dahiya [mailto:pankaj_dah...@infosys.com]
> Subject: RE: Apache Tomcat upgrade from 6.0.20 to 6.0.36
Don't top post.
> Saw some links on internet.
Why don't you use the proper documentation rather than search? There's a link
on the Tomcat home page:
http://tomcat.apache.org/mig
Thanks Guys.
As per my reading of the suggested material and looking at the logs that
Andre has shared, I think there are two ways in which the directory
traversal attack could be made.
1. By having ..\ equivalents in the URL itself
2. By having ..\ equivalents in the request parameters.
In my c
Athanasios Kostopoulos wrote:
On 22/11/12 10:52, Aditi Sinha wrote:
Hi Andre,
Agree with your points.
Just wanted to know more about “Directory Traversal Attack".
Can it lead to access of directories outside Tomcat/webapps folder also
or can it just try to access the applications within Tom
On 22/11/12 10:52, Aditi Sinha wrote:
Hi Andre,
Agree with your points.
Just wanted to know more about “Directory Traversal Attack".
Can it lead to access of directories outside Tomcat/webapps folder also
or can it just try to access the applications within Tomcat/webapps
folder only?
Than
Hi Andre,
Agree with your points.
Just wanted to know more about “Directory Traversal Attack".
Can it lead to access of directories outside Tomcat/webapps folder also
or can it just try to access the applications within Tomcat/webapps
folder only?
Thanks & Regards,
Aditi
2012/11/21 Johan Gunnarsson :
> Is there some way to "tag" log messages in log4j.properties depending on
> different criteria?
>
> Today I am splitting up the files like this:
>
> log4j.category.foo.bar=WARN, ALOG, CATCHALL
> log4j.category.foo.bar.mvc.dao.core.EscenicFieldsImpl=ERROR, ALOG, CATCHA
On the risk to miss something,
if we run 2 tomcats,
we have two JVM's running,
AND
each is listening on a set of exactly defined ports
this as per tomcat xml files used to configure each tomcat.
How about that?
On which port do you intend
to talk to tomcat-6.0.26 and on which port do you inte
On Thu, Nov 22, 2012 at 10:33 AM, Konstantin Kolinko wrote:
> 2012/11/21 Andrei Petru Mura :
> > In my servlet's post method I have the following:
> >
> > protected void doPost(HttpServletRequest request, HttpServletResponse
> > response) throws ServletException, IOException {
> >
> > if
> >
If you top-post (which is strongly discouraged on this list), it makes it very difficult
to answer your questions and still leave the whole thing understandable for other people
who may try to follow this thread.
Aditi Sinha wrote:
Hi Mark, Chuck,
Thanks for the explanation.
On checking fou
2012/11/21 Andrei Petru Mura :
> Hello,
>
> My issue can be related to Servlets, but it also can be related to Tomcat.
> I'm using tomcat 7.0.27.
> In my servlet's post method I have the following:
>
> protected void doPost(HttpServletRequest request, HttpServletResponse
> response) throws ServletE
On 22 Nov 2012, at 07:34, Aditi Sinha wrote:
> Hi Mark, Chuck,
>
> Thanks for the explanation.
>
> On checking found that, below system properties are set to true by our
> application for a requirement.
> org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:
> true
>
> org.apac
On 22 Nov 2012, at 07:15, "Sekar, Vasanth" wrote:
> Hello-
> I am working on a project where we are migrating a web app from JRUN 4.0
> to Tomcat 6.0 and facing some sort of caching problem with one of the
> functionality.
You refer to Tomcat 6.0.18 in the subject, why would you 'upgrade' to
a r
Read the Tomcat docs for installation and install a new Tomcat
alongside the old one.
Compare the configuration, adjust the new one as required and as per
the docs. NB don't blindly copy old config files.
Stop the old one.
Start the new one.
Deploy your app to it.
p
On 22 Nov 2012, at 08:10
Saw some links on internet.
We will be making the upgrade on Linux. It was deployed long back so not sure
how was this completed earlier.
Regards,
Pankaj Dahiya | Infosys, Chandigarh | +91 172 5021100 x 6536, +91 9646338213 |
www.infosys.com
-Original Message-
From: André Warnier [ma
Kent Cole wrote:
I did exactly that. I have tomcat 6.0.26 as my current production. I
installed tomcat 7.0.32 to test my app on before migrating it. I have the
following environmental variable in both .bash_profile and .bashrc
CATALINA_HOME=/var/apache-tomcat-6.0.26
When I run ./startup.sh f
40 matches