Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

2020-01-30 Thread Alex Pritchard
Totally possible. I tried modifying \conf\context.xml, using both useRelativeRedirects="true" and "false": WEB-INF/web.xml I also tried making the same changes in our web-app/src/main/resources/meta-inf/context.xml in case that was overriding somehow. Alex On Thu, Jan 30, 2020 at 3:07 PM

Re: tomcat 8.5.23 missing fields: %{cookie} %{Referer} %u in localhost_access_log

2020-01-30 Thread Mark Thomas
On 30/01/2020 21:00, timfox 123 wrote: > Hello > The server provides the localhost_access_log files with the following fields > missing    %{cookie}     %{Referer}     %u > I am using:     pattern="%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" > \"%{User-Agent}i\" \"%{cookie}i\"" /> > > I am runn

Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

2020-01-30 Thread Mark Thomas
On 30/01/2020 19:53, Alex Pritchard wrote: > Thanks for the response! > > I think you're right about identifying the wrong cause. I searched my > way through the apache versions and isolated 7.0.79 as being the first > version that breaks the redirect. > > I have tried setting useRelativeRedirect

tomcat 8.5.23 missing fields: %{cookie} %{Referer} %u in localhost_access_log

2020-01-30 Thread timfox 123
Hello The server provides the localhost_access_log files with the following fields missing    %{cookie}     %{Referer}     %u I am using:     pattern="%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{cookie}i\"" /> I am running:      tomcat 8.5.23    openjdk version "1.8.0_232
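As an added example for the question above (not the poster's configuration and not Tomcat code), here is a parser for lines written with exactly the pattern quoted in the post, with a check that reports which of the three fields came out as `-`. The two log lines are constructed for the example:

```python
"""Added example: parse Tomcat AccessLogValve lines written with the
pattern from the post and report fields logged as '-'. Sample lines are
constructed, not taken from the poster's server."""

import re
from typing import Dict, List, Optional

# pattern="%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{cookie}i\""
# Caveat: a header value containing a literal '"' would break the [^"]* groups.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<remote_host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)" "(?P<cookie>[^"]*)"$'
)

SAMPLE_LINES = [
    # constructed: anonymous request, no Referer header, no Cookie header
    'localhost 127.0.0.1 - - [30/Jan/2020:21:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    # constructed: container-authenticated user, Referer and Cookie present
    'localhost 10.0.0.5 - admin [30/Jan/2020:21:00:05 +0000] "POST /app/login HTTP/1.1" 302 - "https://example.test/app/" "curl/7.68.0" "JSESSIONID=ABC123"',
]

# The fields the post reports as missing; '-' is what the valve writes
# when there is nothing to log for them.
WATCHED = ("user", "referer", "cookie")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def missing_fields(record: Dict[str, str]) -> List[str]:
    """Watched fields that were logged as '-' for this record."""
    return [f for f in WATCHED if record[f] == "-"]


def summarize(lines) -> Dict[str, int]:
    """Per watched field, how many parsed lines had it empty, plus how
    many lines did not match the pattern at all."""
    counts = {f: 0 for f in WATCHED}
    counts["unparsed"] = 0
    counts["total"] = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        counts["total"] += 1
        for f in missing_fields(rec):
            counts[f] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        print(rec["remote_host"], rec["request"], "missing:", missing_fields(rec))
    print(summarize(SAMPLE_LINES))
```

Two of the three fields are empty by design for many requests: `%u` is the user authenticated by the container, so anonymous hits log `-`, and `%{Referer}i` is `-` whenever the client sent no Referer header. Running a summary like this over a day of logs shows whether the fields are ever populated, which separates a configuration problem from traffic that simply carries no such data.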

Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

2020-01-30 Thread Alex Pritchard
Thanks for the response! I think you're right about identifying the wrong cause. I searched my way through the apache versions and isolated 7.0.79 as being the first version that breaks the redirect. I have tried setting useRelativeRedirects to both explicitly true and false, though it seemed to

Re: Compiling TCNative on Windows

2020-01-30 Thread Mark Thomas
On 30/01/2020 17:41, David Cleary wrote: > One of our customers got dinged on a security audit because some Windows > binaries weren't compiled with the security features listed below. TCNative > is on that list. We only include it for our Windows distributions since it is > available in binary

Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

2020-01-30 Thread Mark Thomas
On 30/01/2020 18:41, Alex Pritchard wrote: > Hi, > > Trying to drag a legacy app forward and running into a breaking change > based on the fact that we're using struts2 to serve some JSPs from a > directory outside our context root by taking advantage of the now-patched > directory traversal explo

7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context

2020-01-30 Thread Alex Pritchard
Hi, Trying to drag a legacy app forward and running into a breaking change based on the fact that we're using struts2 to serve some JSPs from a directory outside our context root by taking advantage of the now-patched directory traversal exploit. Essentially the action class is returning @Result(
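The post above relies on a `..` in a result location reaching outside the context root, which the CVE-2015-5174 fix stops. As an added example (not Tomcat code and not the poster's Struts2 action; the function names and the `/srv/tomcat/webapps/app` root are this example's own), here is the naive join that lets the traversal through next to a containment check of the kind the fix introduced:

```python
"""Added example: resource-path containment check, 'before' and 'after'.
Not Tomcat code; names and the sample context root are assumptions."""

from typing import Optional
from urllib.parse import unquote


def legacy_resolve(context_root: str, requested: str) -> str:
    """The 'before' behaviour: a plain join that passes '..' through, so a
    result location of '/../shared/page.jsp' lands outside the context."""
    return context_root.rstrip("/") + "/" + requested.lstrip("/")


def normalize_path(path: str) -> Optional[str]:
    """Collapse '.', '..' and empty segments. Returns None as soon as a
    '..' would climb above the root, which is the case a traversal needs."""
    decoded = unquote(path)               # %2e%2e must not hide a '..'
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator too
    if "\x00" in decoded:
        return None                       # a NUL would truncate a native path
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None               # tried to climb above the root
            segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def resolve_in_context(context_root: str, requested: str) -> Optional[str]:
    """Hardened resolver: normalise first, then join. Anything that escaped
    the root has already been rejected by normalize_path."""
    normalized = normalize_path(requested)
    if normalized is None:
        return None
    return context_root.rstrip("/") + normalized


if __name__ == "__main__":
    root = "/srv/tomcat/webapps/app"   # assumed sample context root
    for loc in ("/jsp/page.jsp",
                "/jsp/../../shared/page.jsp",
                "/%2e%2e/shared/page.jsp"):
        print(loc, "->", legacy_resolve(root, loc), "|", resolve_in_context(root, loc))
```

The check decodes once and normalises before joining; a JSP that lives outside the context, as in the post, is therefore unreachable by path alone and has to be exposed through a mechanism the container knows about rather than through `..`.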

Compiling TCNative on Windows

2020-01-30 Thread David Cleary
One of our customers got dinged on a security audit because some Windows binaries weren't compiled with the security features listed below. TCNative is on that list. We only include it for our Windows distributions since it is available in binary form. One side effect of ASLR is that pointers ca
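As an added example for the audit question above (not part of Tomcat or tcnative), here is a checker that reads the PE optional header's DllCharacteristics to report whether a Windows binary was linked with ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and related flags. The set of flags it treats as required is this example's assumption, since the audit's list is not visible in the post; the image it tests against is a constructed header, not a real DLL:

```python
"""Added example: report PE mitigation flags (ASLR, DEP, CFG) from a
Windows binary's headers. Not tcnative code; the required-flag list is
an assumption and build_header() produces a constructed test image."""

import struct
from typing import Dict, List

DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",   # 64-bit ASLR, PE32+ only
    0x0040: "DYNAMIC_BASE",      # ASLR
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",         # DEP
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",          # Control Flow Guard
}
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
PE32, PE32PLUS = 0x10B, 0x20B


def parse_pe_flags(data: bytes) -> Dict[str, object]:
    """Walk DOS header -> PE signature -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (machine, _nsections, _timestamp, _symptr, _nsyms,
     _size_opt, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32, PE32PLUS):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    flags = {name: bool(dll_chars & bit) for bit, name in DLL_CHARACTERISTICS.items()}
    return {
        "machine": machine,
        "pe32plus": magic == PE32PLUS,
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
        "flags": flags,
    }


def missing_mitigations(data: bytes) -> List[str]:
    """Required flags (assumed set) that are absent or ineffective."""
    info = parse_pe_flags(data)
    flags = info["flags"]
    required = ["DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"]
    if info["pe32plus"]:
        required.append("HIGH_ENTROPY_VA")
    missing = [f for f in required if not flags[f]]
    # DYNAMIC_BASE only helps if the loader can relocate the image; with
    # relocations stripped the flag is set but the image cannot move.
    if flags["DYNAMIC_BASE"] and info["relocs_stripped"]:
        missing.append("DYNAMIC_BASE (relocations stripped)")
    return missing


def build_header(magic: int, dll_chars: int, file_chars: int = 0x2022) -> bytes:
    """Constructed minimal PE header for testing: DOS stub, PE signature,
    COFF header, optional header. Not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    size_opt = 240 if magic == PE32PLUS else 224
    machine = 0x8664 if magic == PE32PLUS else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, size_opt, file_chars)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_header(PE32PLUS, 0x0140)
    print(parse_pe_flags(data)["flags"])
    print("missing:", missing_mitigations(data))
```

Run it against `tcnative-1.dll` (or any DLL) to reproduce what the audit tool reports. SafeSEH is not covered: it lives in the load configuration directory rather than in DllCharacteristics, and only applies to 32-bit images.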

Re: cookie configurations for Tomcat 7

2020-01-30 Thread Lazar Kirchev
The problem is that I cannot make it from within the application. I have no control over the application, only over the server, so I have to be able to set the cookie either in a server configuration or in a component which will reside in the server. I am concerned particularly with the SameSite attrib

Re: [Classpath] - Ordering issue

2020-01-30 Thread Xavier (Apache)
> On 30 Jan 2020, at 00:09, Christopher Schultz > wrote: > > Xavier, > > On 1/29/20 3:23 PM, Xavier (Apache) wrote: >> Hello Tomcat list, >> >> I’m struggling with a classpath problem. I have a webapp deployed >> under Tomcat. I have setu

RE: Tomcat 7: logs for failure request with unsupported cipher and unsupported SSL protocol

2020-01-30 Thread Palod, Manish
Thanks Mark and Chris for providing the info. IIRC, we are parsing a little of the initial handshake packet for a few things. Would it be possible to snatch the protocol version from there and report it in the log file? Manish> Is this available in some log file today, and can this be added into s