On 17/05/2018 15:43, Jeremy Collins wrote:
At this point we're unsure if this is an actual bug in Tomcat or an
incorrect usage of getResourceAsStream(path) on our part so
we're looking for advice.
I think it is a bit of both.
ServletContext.getResourceAsStream(path) won't normally return a
Thanks Jakel for the link and thanks Shawn for the reply and some insights.
I did scan some of my application logs and can see some kind of XSS attacks
originating from China/Russia. Most of them were targeted at the database.
Tried to reproduce many of them; they don't yield anything.
I have not ye
On 17/05/18 17:43, Chris Bonk wrote:
> Hey Mark,
>
> I really appreciate your reply.
>
> I can't see anything in the revision that specifically states sanitization;
> however, my Java isn't the best, nor my software development with regards to
> what a "Valve" would be responsible for. I suspect tha
On 17/05/18 17:03, sri devops wrote:
> Sure, I will work on fixing the memory leak and I have another QQ.
>
> Now that I have set autoDeploy=false in order to have more control over my Tomcat, I
> stopped Tomcat, deployed the war file and started Tomcat, and Tomcat is extracting
> the war just fine without havin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Laurie,
On 5/17/18 11:33 AM, Laurie Miller-Cook wrote:
> I am very new to Tomcat so please bear with me.
Welcome.
> I currently have a Thawte certificate that is installed within IIS
> for our domain that is all managed by Rackspace.
>
> I now h
Hey Mark,
I really appreciate your reply.
I can't see anything in the revision that specifically states sanitization;
however, my Java isn't the best, nor my software development with regards to
what a "Valve" would be responsible for. I suspect that worrying about XSS
at that level isn't a concern.
Sure, I will work on fixing the memory leak and I have another QQ.
Now that I have set autoDeploy=false in order to have more control over my Tomcat, I
stopped Tomcat, deployed the war file and started Tomcat, and Tomcat is extracting
the war just fine without having the deployOnStartup attribute stated anywhere. As
On 16 May 2018 23:01:14 BST, sri devops wrote:
>Thanks Mark, your answer is very helpful. I tried many scenarios using
>your inputs.
>
>I want Tomcat to NOT perform reload but it needs to perform a redeploy
>when context.xml is changed. So I set autoDeploy=true and commented out
>the below section
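The two messages above turn on three Host/Context attributes that are easy to confuse. The fragment below is an added example, not either poster's server.xml, showing how they fit together in Tomcat 8.5: deployOnStartup and autoDeploy both default to true, which is why a WAR is still expanded at startup when the attribute is never written down, while reloadable is a separate, per-Context switch. Host name, appBase and the descriptor file name are assumptions.

```xml
<!-- Added example (not the thread's configuration). Paths and names are assumed. -->

<!-- conf/server.xml -->
<Host name="localhost" appBase="webapps"
      unpackWARs="true"
      deployOnStartup="true"
      autoDeploy="true">
    <!-- deployOnStartup (default true): every WAR/directory/descriptor in
         appBase and xmlBase is deployed when Tomcat starts, and expanded when
         unpackWARs is true, whether or not the attribute is written out.
         autoDeploy (default true): the background thread watches for new or
         modified WARs, directories and context.xml descriptors and undeploys
         then redeploys the affected application. Setting autoDeploy="false"
         limits deployment to startup, so a changed context.xml is only picked
         up after a restart. -->
</Host>

<!-- conf/Catalina/localhost/myapp.xml (descriptor name assumed) -->
<Context reloadable="false">
    <!-- reloadable (default false) is independent of autoDeploy: when true,
         Tomcat watches WEB-INF/classes and WEB-INF/lib and reloads the running
         context on change. Leaving it false while autoDeploy stays true gives
         "redeploy when context.xml changes, no class-change reload". -->
</Context>
```

Leaving reloadable at its default and keeping autoDeploy enabled is the combination that matches the request in the quoted message; the usual production trade-off is that autoDeploy also means anything that can write to appBase or xmlBase can deploy code, so on a shared host the safer setting is autoDeploy="false" with explicit restarts.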
On 17 May 2018 15:46:07 BST, Chris Bonk wrote:
>Hello,
>
>I have a strange issue: I am trying to track down the root cause of an
>ancient CVE-2006-1548
>
>http://struts.1045723.n5.nabble.com/DO-NOT-REPLY-Bug-38749-New-XSS-vulnerability-in-LookupDispatchAction-td3510079.html
>
>I can replicate the
Hi Laurie,
This is what I do. I don't use a keystore.
I use this within the SSLHostConfig section.
> On May 17, 2018, at 11:33 AM, Laurie Miller-Cook
> wrote:
>
> Hi there,
>
> I am very new to Tomcat so please bear with me.
>
> I currently have a Thawte certificate that is installed within I
Hi there,
I am very new to Tomcat so please bear with me.
I currently have a Thawte certificate that is installed within IIS for our
domain that is all managed by Rackspace.
I now have a new server set up with Tomcat 8.5.11 installed and have created a
keystore.
I have been supplied by Racksp
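The reply above mentions pointing the SSLHostConfig section at certificate files directly instead of importing the Thawte certificate into a keystore. As an added illustration (not the replying poster's configuration, which is not shown on this page), here is a Tomcat 8.5 HTTPS connector that does exactly that with PEM files; the port, file names and paths are assumptions.

```xml
<!-- Added example, not from the thread. Tomcat 8.5 NIO connector using PEM
     files in SSLHostConfig instead of a JKS/PKCS12 keystore. Paths, port and
     file names are assumptions. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.2">
        <!-- certificateKeyFile: the private key in PEM. If it is encrypted,
             add certificateKeyPassword="..."; otherwise keep it unencrypted
             and readable only by the account Tomcat runs as.
             certificateFile: the server (leaf) certificate.
             certificateChainFile: the intermediate CA certificate(s), so that
             clients receive the full chain. -->
        <Certificate certificateKeyFile="conf/ssl/example.com.key.pem"
                     certificateFile="conf/ssl/example.com.crt.pem"
                     certificateChainFile="conf/ssl/thawte-chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

If the certificate lives in IIS, it can be exported as a PFX with its private key and split into the three PEM files with openssl: `openssl pkcs12 -in export.pfx -nocerts -nodes -out example.com.key.pem` for the key, `-clcerts -nokeys` for the leaf certificate and `-cacerts -nokeys` for the chain. After restarting Tomcat, check the served chain with `openssl s_client -connect host:8443 -servername host` and confirm that the intermediate appears, since a missing chain is the most common cause of a browser trust error that does not show up in the Tomcat log.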
Hello,
I have a strange issue: I am trying to track down the root cause of an
ancient CVE-2006-1548
http://struts.1045723.n5.nabble.com/DO-NOT-REPLY-Bug-38749-New-XSS-vulnerability-in-LookupDispatchAction-td3510079.html
I can replicate the XSS in Tomcat 4.0.6, however in Tomcat 6.0.37 the html
Hi,
We're seeing an issue with how WebResources are cached that started
occurring in Tomcat 8.0.39 (we're using Ubuntu Xenial but I don't believe
it's related to anything in the OS).
Some of the CSS/JS files that we serve are packed inside JAR files. These
files are served by a filter that list
Dear Kiran,
There might be many other ways to compromise your server. But I wonder about
the application you run on your Tomcat and whether you know about the widely used
exploit in the Java JSF library "Primefaces" (see
https://www.exploit-db.com/exploits/43733/).
With greetings
Guido
>-Origina