25
> PM To: Tomcat Users List Subject: AW:
> Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
>
> Hi Abishek,
>
>> -Ursprüngliche Nachricht- Von: Kumar, Abhishek (IT
>> Information Services )
>> [mailto:abhishek.kum...@originenergy.com.a
: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token
Hi Abishek,
> -Ursprüngliche Nachricht-
> Von: Kumar, Abhishek (IT Information Services )
> [mailto:abhishek.kum...@originenergy.com.au]
> Gesendet: Dienstag, 10. Januar 2017 12:17
> An: users@to
this
> vulnerability to obtain a valid cross-site request forgery (CSRF) token
> during the redirect issued when requesting /manager/ or /host-manager/. This
> token can be utilized by an attacker to construct a CSRF attack.
>
> This is a Vulnerability issue with Tomcat 8.0.15
) token during
the redirect issued when requesting /manager/ or /host-manager/. This token can
be utilized by an attacker to construct a CSRF attack.
This is a Vulnerability issue with Tomcat 8.0.15.
We have this version of Tomcat installed in our Servers.
As suggested by Tomcat, this has been
Hi Marina,
did you manage to solve your problem?
I'm running into the same issue that relative URLs are note resolved while
loading the XSD Definitions in Tomcat 8.0.30.
Below you'll find my stacktrace.
Thanks in advance
Joern
java.lang.IllegalArgumentException: The resource path
[/./../../me
On 29/01/2016 18:18, juliesur wrote:
> My webapp does show poor performance and stops responding after a while ,
> with these errors in the log.
> I have been unable to replicate the issue in my testing environment during
> load testing.
> The error appears only in production .
>
> I haven't trie
My webapp does show poor performance and stops responding after a while ,
with these errors in the log.
I have been unable to replicate the issue in my testing environment during
load testing.
The error appears only in production .
I haven't tried another connector or diff tomcat version. I want
> From: Julie Sur [mailto:julie...@gmail.com]
> Subject: Re: Tomcat 8.0.15
> I am using tomcat 8.0.15, jdk1.8.0_45 with my application and I am seeing
> below errors in my log. Is this a bug with the tomcat version that I am
> using ?
Could be, but it's more likely an a
Resending the email as I got failure notification earlier
Thanks
Julie
On Thu, Jan 7, 2016 at 12:44 PM, Julie Sur wrote:
> Hi,
> I am using tomcat 8.0.15, jdk1.8.0_45 with my application and I am seeing
> below errors in my log. Is this a bug with the tomcat version that I a
On 31/03/2015 10:29, Selvakumar Sellamuthu Ayyavu wrote:
> Question:
>
> Is it a known problem?
No.
> If so, can I get a link from issue tracker?
N/A.
> Can I have a work around?
N/A.
> If you want more info, please let me know...
1. Do you see the issue with Apache Tomcat 8.0.21?
2. If y
Hi All,
Problem: PNG images are served intermittently from Apache Tomcat 8.0.15 in IE8
Platform: Windows Server 2008
Description:
I have recently migrated from Tomcat 7 to Tomcat 8.
Everything is working fine in Tomcat 8. Except these PNGs.
But when I run WAR in Tomcat 7 these problems are not
u have a copy of the source code. If you checked-out
from svn, just do this:
/path/to/tomcat-8.0.15 $ svn diff > patch.file
and post the patch file.
If you just downloaded the source in e.g. ZIP, tarball, etc., re-fetch
a pristine copy of the file and then do:
/path/to/tomcat-8.0.15 $ diff path/t
the patch ?
>
> Presumably, you have a copy of the source code. If you checked-out
> from svn, just do this:
>
> /path/to/tomcat-8.0.15 $ svn diff > patch.file
>
> and post the patch file.
>
> If you just downloaded the source in e.g. ZIP, tarball, etc., re-fe
copy of the source code. If you checked-out
from svn, just do this:
/path/to/tomcat-8.0.15 $ svn diff > patch.file
and post the patch file.
If you just downloaded the source in e.g. ZIP, tarball, etc., re-fetch
a pristine copy of the file and then do:
/path/to/tomcat-8.0.15 $ diff path/to/o
Le 20/02/2015 11:22, Rémy Maucherat a écrit :
2015-02-20 10:31 GMT+01:00 Jérémie Barthés :
I send you the patch i did to fix my issue with the RewriteValve (it was
for the 8.0.15),
The goal of that patch is to block the RewriteValve if a 302 automatic
folder '/' redirection occurs. The RewriteV
2015-02-20 10:31 GMT+01:00 Jérémie Barthés :
> I send you the patch i did to fix my issue with the RewriteValve (it was
> for the 8.0.15),
> The goal of that patch is to block the RewriteValve if a 302 automatic
> folder '/' redirection occurs. The RewriteValve will rewrite the redirected
> URL.
>
"instead of just a snippet of "fixed" code"
Sorry Chris,i didn't read this.
How do you want me to provide the patch ?
Jérémie
Le 20/02/2015 10:31, Jérémie Barthés a écrit :
I send you the patch i did to fix my issue with the RewriteValve (it
was for the 8.0.15),
The goal of that patch is to b
I send you the patch i did to fix my issue with the RewriteValve (it was
for the 8.0.15),
The goal of that patch is to block the RewriteValve if a 302 automatic
folder '/' redirection occurs. The RewriteValve will rewrite the
redirected URL.
first step :
http://localhost:8080/mypath/async => r
Am 20.02.2015 08:49, schrieb Rainer Jung:
Am 19.02.2015 um 22:13 schrieb Felix Schumacher:
Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
Make a file rewrite.config in conf/Catalina/localhost/ that contains
:
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy
Am 19.02.2015 um 22:13 schrieb Felix Schumacher:
Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
Make a file rewrite.config in conf/Catalina/localhost/ that contains :
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy the line
in the conf/server.xml fil
Am 20. Februar 2015 00:43:40 MEZ, schrieb "André Warnier" :
>André Warnier wrote:
>> Felix Schumacher wrote:
>>> Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
>...
>
in the browser, you have to modify your rewrite rules, perhaps by
using a Rewr
André Warnier wrote:
Felix Schumacher wrote:
Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
...
in the browser, you have to modify your rewrite rules, perhaps by
using a RewriteCond with the -d flag, to check first if the URL
points to an existing directory, and
Felix Schumacher wrote:
Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
Make a file rewrite.config in conf/Catalina/localhost/ that contains :
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy the line
className="org.apache.catalina.valves.rewrite.Rewrit
Am 19.02.2015 um 21:41 schrieb André Warnier:
Jérémie Barthés wrote:
...
Make a file rewrite.config in conf/Catalina/localhost/ that contains :
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy the line
className="org.apache.catalina.valves.rewrite.RewriteValve" />
in the conf/s
Jérémie Barthés wrote:
...
Make a file rewrite.config in conf/Catalina/localhost/ that contains :
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy the line
className="org.apache.catalina.valves.rewrite.RewriteValve" />
in the conf/server.xml file, line 131
Since this is a Val
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jérémie,
On 2/19/15 10:05 AM, Jérémie Barthés wrote:
> I made a scenario to make the issue happens :
>
> Use a tomcat 8.0.18
>
> Make a file rewrite.config in conf/Catalina/localhost/ that
> contains : RewriteRule^/mypath/(.*)$/examples/js
Hi,
I made a scenario to make the issue happens :
Use a tomcat 8.0.18
Make a file rewrite.config in conf/Catalina/localhost/ that contains :
RewriteRule^/mypath/(.*)$/examples/jsp/$1
copy the line
className="org.apache.catalina.valves.rewrite.RewriteValve" />
in the conf/serve
Tell me what you need about my configuration :
rewrite.config file :
RewriteRule^/jamfiles/(.*)$/newapp/jamfiles/$1
RewriteRule^/workspace/(.*)$ /newapp/htdocuments/workspace/$1
RewriteRule ^/([a-zA-Z0-9]+)(\.jsp|\.html|\.txt)$ /newapp/htdocuments/$1$2
tomcat version : 8.0.15 (tried
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jérémie,
On 2/19/15 4:54 AM, Jérémie Barthés wrote:
> When an URL target a folder on the server, tomcat automaticly add a
> "/" at the end of the URL if missing : myHost.com/myFolder =>
> myHost.com/myFolder/ (automatic tomcat 302 redirection)
>
>
Hi Chris,
When an URL target a folder on the server, tomcat automaticly add a "/"
at the end of the URL if missing :
myHost.com/myFolder => myHost.com/myFolder/ (automatic tomcat 302
redirection)
If you use a rewriteValve to forward "myHost.com/myFolder" to
"myHost.com/rewriteTrick/myFolder"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jérémie,
On 2/17/15 10:47 AM, Jérémie Barthés wrote:
> I don't have more to say than :
>
> "There is a bug using the RewriteValve :If you are targeting a
> folder and there is no "/" at the end of the URI,
The end of which URI? The one in the rewr
Hi,
I don't have more to say than :
"There is a bug using the RewriteValve :If you are targeting a folder and there is no
"/" at the end of the URI,
the rewritten URI is visible for the client browser (302 redirection).
Example :
http://myhost.com/myFolder => http://myhost.com/rewriteTrick/myFo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jérémie,
On 2/17/15 6:20 AM, Jérémie Barthés wrote:
> I just installed tomcat 8 and used the RewriteValve to forward some
> old URLs on my new tomcat8 webapp. I had an issue for URIs
> targeting a folder: If there is no "/" at the end of the URI, th
Hi,
I just installed tomcat 8 and used the RewriteValve to forward some old
URLs on my new tomcat8 webapp. I had an issue for URIs targeting a
folder: If there is no "/" at the end of the URI, the rewritten URI is
visible for the client browser (302 redirection).
Example :
http://myhost.com/myFo
Mark Thomas wrote:
> On 10/12/2014 14:21, Marina F wrote:
> > Hello,
> >
> > Tomcat 8.0.15
> >
> > I am getting an error when using web services. (no errors if using Tomcat
> > 7.0.50)
> >
> > Schema:
> >
> >
> > Error:
&g
chemaLocation="../../common/schemas/Types.xsd" />)
>> ---consumer schemas Consumer.xsd (> schemaLocation="../../common/schemas/Types.xsd" />)
>>
>> On Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas
>> wrote:
>>
>>> On 10/12/2014 14:21, Marina F
Wed, Dec 10, 2014 at 8:42 AM, Mark Thomas wrote:
>
>> On 10/12/2014 14:21, Marina F wrote:
>> > Hello,
>> >
>> > Tomcat 8.0.15
>> >
>> > I am getting an error when using web services. (no errors if using
>> Tomcat
>> > 7.0.5
On 1/25/2015 4:23 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Srikanth,
On 1/24/15 12:03 AM, Srikanth Hugar wrote:
When i include
It does not work in tomcat 8.0.15.
I think there are too many dots in there. It that just an example?
What do you mean &qu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Srikanth,
On 1/24/15 12:03 AM, Srikanth Hugar wrote:
> When i include />
>
> It does not work in tomcat 8.0.15.
I think there are too many dots in there. It that just an example?
What do you mean "it does not work"?
>
When i include
It does not work in tomcat 8.0.15.
and my included jsp file contents are something like :
...
What could be the problem?
cing a massive performance degradation - only 40% of
> > the performance of 7.0.56 is reached when running the exact same JMeter
> > Test with Tomcat8.
> >
> > Relevant value here is: 24 page impressions per second on Tomcat 8.0.15.
> > On Tomcat 7.0.56 it reaches
of 7.0.56 is reached when running the exact same JMeter
> Test with Tomcat8.
>
> Relevant value here is: 24 page impressions per second on Tomcat 8.0.15.
> On Tomcat 7.0.56 it reaches up to 60 PI/s.
>
> A sampler captured with JVisual VM shows a hotspot on Class:
>
> o
.
Relevant value here is: 24 page impressions per second on Tomcat 8.0.15.
On Tomcat 7.0.56 it reaches up to 60 PI/s.
A sampler captured with JVisual VM shows a hotspot on Class:
org.apache.jasper.el.JasperELResolver.getValue -> 63,9 % of CPU self time
Tomcat 7.0.57: 0,8 %
Usage of Java8 or Ja
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mike,
On 12/17/14 8:12 PM, Mike Wertheim wrote:
> I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15
> with APR. (I'm using JDK 1.8.0.25 on CentOS.)
>
> My first step was to upgrade to Tomcat Native library
2014-12-18 4:12 GMT+03:00 Mike Wertheim :
> I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> APR. (I'm using JDK 1.8.0.25 on CentOS.)
>
> My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1
> while still using Tomcat 7.0.41
Sanaullah
>
>
> On Thu, Dec 18, 2014 at 6:15 AM, Mike Wertheim wrote:
> >
> > I should have included this in the previous message.
> >
> > The AprLifecycleListener is declared in server.xml like this:
> >> SSLEngine="on" />
> >
> &g
ml like this:
>SSLEngine="on" />
>
>
>
>
> On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim wrote:
> >
> > I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> > APR. (I'm using JDK 1.8.0.25 on CentOS.)
> >
> > My
I should have included this in the previous message.
The AprLifecycleListener is declared in server.xml like this:
On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim wrote:
>
> I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> APR. (I'm using JDK
I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
APR. (I'm using JDK 1.8.0.25 on CentOS.)
My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1
while still using Tomcat 7.0.41. This combination works great. My webapp
starts up and is access
:
>
> Hi All..
>
> I've downloaded Apache Tomcat 8.0.15 and facing problem while trying to
> install it.
>
> I'm not able to open tomcat.exe and if I'm trying to do so, command prompt
> is automatically closes with in a second.
>
> Please help me to crack
Hi All..
I've downloaded Apache Tomcat 8.0.15 and facing problem while trying to
install it.
I'm not able to open tomcat.exe and if I'm trying to do so, command prompt
is automatically closes with in a second.
Please help me to crack this issue by providing detailed step
ote:
> > Hello,
> >
> > Tomcat 8.0.15
> >
> > I am getting an error when using web services. (no errors if using Tomcat
> > 7.0.50)
> >
> > Schema:
> >
> >
> > Error:
> > Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardW
On 10/12/2014 14:21, Marina F wrote:
> Hello,
>
> Tomcat 8.0.15
>
> I am getting an error when using web services. (no errors if using Tomcat
> 7.0.50)
>
> Schema:
>
>
> Error:
> Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve inv
Hello,
Tomcat 8.0.15
I am getting an error when using web services. (no errors if using Tomcat
7.0.50)
Schema:
Error:
Dec 10, 2014 7:59:48 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Allocate exception for servlet api-ws-soap
java.lang.IllegalArgumentException: The
On 20/11/2014 12:00, Luka Pavlič wrote:
> Hi,
>
> I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20.
>
> Running with "catalina start", /manager app works perfectly.
>
> Running "catalina start -security" will result
Luka Pavlič wrote:
Hi,
I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20.
Running with "catalina start", /manager app works perfectly.
Running "catalina start -security" will result in not deployed manager app.
I would *definitely need* both:
2014-11-20 14:00 GMT+03:00 Luka Pavlič :
> Hi,
>
> I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20.
>
> Running with "catalina start", /manager app works perfectly.
>
> Running "catalina start -security" will result in not depl
Hi,
I am running tomcat 8.0.15, win64 ZIP, on Windows 2008R2, Oracle JRE 8.0.20.
Running with "catalina start", /manager app works perfectly.
Running "catalina start -security" will result in not deployed manager app.
I would *definitely need* both: running Tomcat with Sec
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.15.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 8.0.15 includes numerous fixes for
59 matches
Mail list logo
