Hi,
Would like to get your opinion on the Java deserialization vulnerability
issue for Tomcat. As JBoss seems to have been impacted with, is there a way
to verify whether this vulnerability affects Tomcat as well?
Regards
SJ
don't think tomcat by default ships with commons collections
But of course it's not just commons collections, it's a more generic problem
that could be hit if there are more special classes that do special things
in deserialization.
I do think that tomcat by default (even the manager app or there jm
Satish,
On 11/11/15 7:58 AM, satish jupalli wrote:
> Would like to get your opinion on the Java deserialization vulnerability
> issue for Tomcat. As JBoss seems to have been impacted with, is there a way
> to verify whether this vulnerability affects Tomcat as well?
Are you talking about this one?
Satish,
On 11/11/15 8:10 AM, Christopher Schultz wrote:
> Satish,
>
> On 11/11/15 7:58 AM, satish jupalli wrote:
>> Would like to get your opinion on the Java deserialization vulnerability
>> issue for Tomcat. As JBoss seems to have been impacted with, is there a way
>> to verify whether this vuln
On 11 November 2015 at 14:44, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Tomcat could potentially be
> used as an attack vector against a system by someone with write-access
> to the part of the filesystem where Tomcat stores its serialized session
> objects during a restart
>
i
Johan,
On 11/11/15 8:53 AM, Johan Compagner wrote:
> On 11 November 2015 at 14:44, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Tomcat could potentially be
>> used as an attack vector against a system by someone with write-access
>> to the part of the filesystem where Tomcat
Hello,
I am using tomcat 8.0.22.0.
My Catalina_Home is set to "C:\tomcat".
IDE: Netbeans.
Language: Java.
For some reason, when I deploy a web application in Netbeans that has the
name "applicationName" and context path: "/applicationName" I do not see
the application in the c:\tomcat\webapps fol
Yuval,
On 11/11/2015 7:06 AM, Yuval Schwartz wrote:
> Hello,
>
> I am using tomcat 8.0.22.0. My Catalina_Home is set to "C:\tomcat".
> IDE: Netbeans. Language: Java.
>
> For some reason, when I deploy a web application in Netbeans that
> has the na
Hello Mark,
Thanks for the reply.
I am interested in finding where the Document Root is for my application
("applicationName").
As I understand, since my Catalina_Home = "c:\tomcat" and the "" tag
in the server.xml specifies "appbase='webapps'", it should be under
c:\tomcat\webapps...but it is no
Yuval,
On 11/11/2015 8:34 AM, Yuval Schwartz wrote:
> Hello Mark,
>
> Thanks for the reply. I am interested in finding where the
> Document Root is for my application ("applicationName"). As I
> understand, since my Catalina_Home = "c:\tomcat" and t
I have a question about the threads that Tomcat uses for servicing requests.
My environment is Tomcat 7.0.55 running on Linux (CentOS 6.5) with Oracle JVM
1.7.0_79.
My question is specifically about the threads that Tomcat uses for servicing
requests which are named ‘http-bio-{port}-exec-###’,
David,
On 11/11/15 2:13 PM, David E. Filip wrote:
> I have a question about the threads that Tomcat uses for servicing
> requests. My environment is Tomcat 7.0.55 running on Linux (CentOS
> 6.5) with Oracle JVM 1.7.0_79.
>
> My question is specifically about the threads that Tomcat uses for
> se
Hi there.
We currently run Tomcat v7 in our environment. We use Shavlik Protect as our
patching utility.
On all of our application servers we dedicate the C: drive to the Windows OS
then we add an E: drive for all additional program installations such as SQL,
Tomcat, etc. So, we have a decent
Jonathan,
On 11/11/15 4:15 PM, Barrow, Jonathan wrote:
> We currently run Tomcat v7 in our environment. We use Shavlik Protect as
> our patching utility.
>
> On all of our application servers we dedicate the C: drive to the
> Windows OS then we add an E: drive for all additional program
> install
Why is this flagged as a Security Patch then? Sounds more like a Software
Distribution don't you think?
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 11, 2015 5:09 PM
To: Tomcat Users List
Subject: Re: Tomcat Upgrades Ignorin
Sorry, this is more of Shavlik lingo. They have classifications for patches in
their database. This one is considered a Security Patch (to an existing
install) vs a Software Distribution which is more of a new-full install of
something. Maybe they need to re-classify it.
-Original Message--
On Thu, November 12, 2015 10:28 am, Barrow, Jonathan wrote:
> Sorry, this is more of Shavlik lingo. They have classifications for
> patches in their database. This one is considered a Security Patch (to an
> existing install) vs a Software Distribution which is more of a new-full
> install of somet