On 4/11/07, James Reinertson <[EMAIL PROTECTED]> wrote:
All right. So then I have two questions.
1. Is it possible to have two JRE versions (1.4.x and 1.6.x) installed
on the system running Tomcat 5.5 and set Tomcat to use JRE 1.4?
Of course. $JAVA_HOME, $JRE_HOME - set them as you like.
2.
?
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 11, 2007 5:00 PM
To: Tomcat Users List
Subject: Re: Tomcat 5.5.23 Question
James Reinertson wrote:
> It was my understanding that Tomcat 5.5 could be configured to use JRE
> 1.4 and that it had no need
James Reinertson wrote:
> It was my understanding that Tomcat 5.5 could be configured to use JRE
> 1.4 and that it had no need for an external JDK compiler.
This is correct. A 1.4 JRE works just as well as a 1.4 JDK.
Mark
-
To
Subject: Re: Tomcat 5.5.23 Question
Laura McCord wrote:
> I currently have Tomcat 5.0.28 installed and we received a security
> vulnerability notice pertaining to a "Apache Tomcat Directory
Traversal".
>
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html
>
&g
Laura McCord wrote:
> So, since we are using Tomcat as a standalone then this would apply, right?
On standalone Tomcat this is not an issue since there is no proxy.
Mark
-
To start a new topic, e-mail: users@tomcat.apache.org
T
Laura McCord wrote:
> I currently have Tomcat 5.0.28 installed and we received a security
> vulnerability notice pertaining to a "Apache Tomcat Directory Traversal".
> http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html
>
> We were thinking about upgrading to version 5.5.23 but
oh ok.
thanks ;)
Rui Monteiro wrote:
>
>
> Laura,
>
> It's true that there's a problem with double negative phrases.
> So to be more explict. As far as I can read from the report you showed
> the problem WOULD NOT EXIST ON STANDALONE TOMCAT.
> You can go without upgrade at least on basis of this
Laura,
It's true that there's a problem with double negative phrases.
So to be more explict. As far as I can read from the report you showed
the problem WOULD NOT EXIST ON STANDALONE TOMCAT.
You can go without upgrade at least on basis of this specific security hole.
Laura McCord escribió:
I tried to replicate the vulnerability on my site, but I couldn't
really traverse the directory tree in the way they've indicated, so I
can't really confirm whether there's a vulnerability or not.
-Rashmi
On 4/10/07, Laura McCord <[EMAIL PROTECTED]> wrote:
However, we do have another
installati
I have multiple installations of Tomcat on various servers. One in
particular is our portal server that does not have the tomcat manager
accessible so it should be fine. However, we do have another
installation on a different server that an administrator uses to
upload/modify existing web applicati
You may want to double-check with the people who wrote the report,
just to be sure.
I have a small site hosted on Tomcat 5.5.9 and I think the host
provider is using Apache connector --- my site often crashes and shuts
down and I sometimes see the directory structure. But it might not be
because
So, since we are using Tomcat as a standalone then this would apply, right?
Thanks,
Laura
Rui Monteiro wrote:
> And just in case! It desn't seem to apply in case you don't have
> Apache Server + Apache Tomcat through connector.
>
> Mensaje original
>
> Supposing the security
And just in case! It desn't seem to apply in case you don't have Apache
Server + Apache Tomcat through connector.
Mensaje original
Supposing the security vulnerability to be true as it seems (but i
didn't check) means first of all that if you don't have the Tomcat
Manager Ap
Supposing the security vulnerability to be true as it seems (but i
didn't check) means first of all that if you don't have the Tomcat
Manager Aplication working and you don't have more than one web
aplication or at least you don't have any other application proxified
then you don't have to worr
14 matches
Mail list logo
