Re: Tomcat Server Using 100% CPU

2019-08-08 Thread Utkarsh Dave
Did you review the localhost_access log file? Which web-application is using tomcat the most? On Thu, Aug 8, 2019 at 9:53 AM Eric Robinson wrote: > We have a farm of VMs, each running multiple instances of tomcat (up to 80 > instances per server). Everything has been running fine for years,

Information on sessionCacheSize !

2018-05-01 Thread Utkarsh Dave
Hello Team and Tomcat users, I am trying to gather more information and the effect of parameter "sessionCacheSize" in server.xml for a ssl connector. I see this from the documentation "The number of SSL sessions to maintain in the session cache." If i do not add this parameter...my tomcat slows

Logging framework !

2017-10-31 Thread Utkarsh Dave
Hi All, I am using Tomcat 7.0.81 on centos 7.2 and using openjdk 1.7.0.141. The problem I am seeing recently is manager*.log and localhost*.log files are not created. Instead, I see the messages that were to be written into, manager.log are going into Catalina.out. catalina.out and

Web application jars gets re loaded causing permgen issue !

2017-07-28 Thread Utkarsh Dave
in advance. -Utkarsh Dave

Re: [ANN] Apache Tomcat 7.0.77 released

2017-04-03 Thread Utkarsh Dave
Hello Violeta, Thanks for the update. We just picked 7.0.76. Wanted to know if there is an important fix in 7.0.77 version and can users face issue if they chose to be on 7.0.76. Just wanted to know if any particular reason because release time between 76 and 77 is short? -Dave On Mon, Apr 3,

Re: Ways to identify poorly designed client applications sending request to Tomcat !

2017-03-31 Thread Utkarsh Dave
Hi Chris, Thanks for the response. On Fri, Mar 31, 2017 at 10:16 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Utkarsh, > > On 3/30/17 3:34 PM, Utkarsh Dave wrote: > > What makes you say th

Re: Ways to identify poorly designed client applications sending request to Tomcat !

2017-03-30 Thread Utkarsh Dave
r 30, 2017 at 10:43 AM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 30.03.2017 19:36, Utkarsh Dave wrote: > >> Thanks Olaf and Suvendu for the response. >> We are using 1.2 MB of heap size which is enough and haven't created an >> issue so far. >> >

Re: Ways to identify poorly designed client applications sending request to Tomcat !

2017-03-30 Thread Utkarsh Dave
Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Utkarsh, > > On 3/29/17 7:33 PM, Utkarsh Dave wrote: > > Hello all, > > > > My tomcat (7.0.72) hosts several web applications in the server > > (ba

Re: Ways to identify poorly designed client applications sending request to Tomcat !

2017-03-30 Thread Utkarsh Dave
age will be high for Tomcat > process. > > As Olaf indicated, you can try to increase heap size and see if the > problem goes away. But before that, I am curious to see what heap and > GC settings you are using. Please post that info. > > Thanks! > Suvendu > > On Thu, Ma

Ways to identify poorly designed client applications sending request to Tomcat !

2017-03-29 Thread Utkarsh Dave
Hello all, My tomcat (7.0.72) hosts several web applications in the server (based in linux 6.8). There are many clients or 3rd party applications working as client to my server (having tomcat and web applications). There are instances when poorly designed client application can affect severely to

Re: [SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure

2016-11-27 Thread Utkarsh Dave
Please ignore my previous mail. I got the correct one https://tomcat.apache.org/security-7.html On Sun, Nov 27, 2016 at 6:41 PM, Utkarsh Dave <utkarshkd...@gmail.com> wrote: > Hi All > > This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to > 9.0.0.M1

Re: [SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure

2016-11-27 Thread Utkarsh Dave
Hi All This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to 9.0.0.M11" on another url https://tomcat.apache.org/security-9.html. But in the mail it says Tomcat 7 is also affected. Does this vulnerability affects version 7.0.72 -Regards Utkarsh On Tue, Nov 22, 2016 at 1:42 AM,

Re: A way for user to specify DH parameter to tomcat !

2016-08-18 Thread Utkarsh Dave
Thanks a lot Chris and Violeta. On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave <utkarshkd...@gmail.com> wrote: > Hi All, > > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS > We have been using BIO connectors. > 1. I need help to find out how to prov

Re: A way for user to specify DH parameter to tomcat !

2016-08-17 Thread Utkarsh Dave
Thanks. By DH I mean "Diffie-Hellman parameters (secure DH-Cipher)". On Wed, Aug 17, 2016 at 3:31 PM, Violeta Georgieva <violet...@apache.org> wrote: > Hi, > > 2016-08-17 11:29 GMT+03:00 Utkarsh Dave <utkarshkd...@gmail.com>: > > > > Hi All, >

A way for user to specify DH parameter to tomcat !

2016-08-17 Thread Utkarsh Dave
Hi All, My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS We have been using BIO connectors. 1. I need help to find out how to provide user specified DH parameter to tomcat. 2. What all ciphers are categorized under modern ciphers ? Thanks for your time in advance.

Re: Can tomcat be configured for ECDHE and DHE cipher suites

2016-05-25 Thread Utkarsh Dave
-Utkarsh On Fri, May 20, 2016 at 4:51 PM, Mark Thomas <ma...@apache.org> wrote: > On 20/05/2016 12:18, Utkarsh Dave wrote: > > Hi Mark - Thanks. > > SSLHonorCipherOrder, can it be configured on Tomcat ? > > There would not have been much point telling you about a configura

Re: Can tomcat be configured for ECDHE and DHE cipher suites

2016-05-20 Thread Utkarsh Dave
Thanks Mark. It appears it is client (3rd party which requests to tomcat) to choose the cipher while negotiating. We can use SSLHonorCipherOrder to enforce the server's cipher order. I guess I got my answer. -Thanks Utkarsh Dave On Fri, May 20, 2016 at 4:51 PM, Mark Thomas <ma...@apache.

Re: Can tomcat be configured for ECDHE and DHE cipher suites !

2016-05-20 Thread Utkarsh Dave
nce order > if you wish. > > Mark > > > > > > JD > > > > 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>: > > > >> Sorry, I missed that information in my earlier mail. > >> Tomcat - 7.0.69 configured for SSL >

Re: Can tomcat be configured for ECDHE and DHE cipher suites !

2016-05-20 Thread Utkarsh Dave
stalled? > > JD > > 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>: > > > Sorry, I missed that information in my earlier mail. > > Tomcat - 7.0.69 configured for SSL > > Connector - APR > > Java - jdk1.7.0_101 > > > >

Re: Can tomcat be configured for ECDHE and DHE cipher suites !

2016-05-20 Thread Utkarsh Dave
Sorry, I missed that information in my earlier mail. Tomcat - 7.0.69 configured for SSL Connector - APR Java - jdk1.7.0_101 On Fri, May 20, 2016 at 4:10 PM, Mark Thomas <ma...@apache.org> wrote: > On 20/05/2016 11:37, Utkarsh Dave wrote: > > Hi Users and Tomcat team, > >

Can tomcat be configured for ECDHE and DHE cipher suites !

2016-05-20 Thread Utkarsh Dave
Hi Users and Tomcat team, Port 8443 on my product is configured for Tomcat and accepts inbound traffic from 3rd parties. In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over some of the more secure cipher options offered by the 3rd party. The 3rd party offers a list of 66 cipher

Re: Some Web Applications fail to deploy !

2016-05-06 Thread Utkarsh Dave
Correcting the text if it is confusing. "XXX,YYY and ZZZ do not get copied from /usr/local/webapps to Tomcat/webapps after tomcat upgrade as i do not see above logs. And so i feel no installation happens. What can be probable reason On Fri, May 6, 2016 at 11:09 AM, Utkarsh Dave <u

Some Web Applications fail to deploy !

2016-05-05 Thread Utkarsh Dave
Hi Tomcat users and owners, I upgraded to tomcat 7.0.69 from 64 and noticed that some of the web applications do not get deployed. After verifying I noticed that with tomcat 7.0.64, manager.log file used to be populated with these additional logs whereas it is not seen in new Tomcat. May 05, 2016

Re: [ANN] Apache Tomcat 7.0.69 released

2016-04-20 Thread Utkarsh Dave
Thanks again. That helped and all good with compilation now. On Wed, Apr 20, 2016 at 12:50 PM, Violeta Georgieva <miles...@gmail.com> wrote: > Hi, > > 2016-04-20 10:11 GMT+03:00 Utkarsh Dave <utkarshkd...@gmail.com>: > > > > Hi Violeta, > > I rece

Re: [ANN] Apache Tomcat 7.0.69 released

2016-04-20 Thread Utkarsh Dave
this error On Tue, Apr 19, 2016 at 11:47 AM, Utkarsh Dave <utkarshkd...@gmail.com> wrote: > Thank You > > On Mon, Apr 18, 2016 at 5:45 PM, Violeta Georgieva <violet...@apache.org> > wrote: > >> The Apache Tomcat team announces the immediate availability of Apache >

Re: [ANN] Apache Tomcat 7.0.69 released

2016-04-19 Thread Utkarsh Dave
Thank You On Mon, Apr 18, 2016 at 5:45 PM, Violeta Georgieva wrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 7.0.69. > > Apache Tomcat is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Expression

When is 7.0.69 expected !

2016-04-06 Thread Utkarsh Dave
Hi Tomcat team, I am looking for below fix http://svn.apache.org/viewvc?view=revision=1734262 The fix will be available in 7.0.69. Is there a date for the new release yet... -Thanks Utkarsh

Re: response.sendRedirect is not working in application after upgrade from 7.0.65 to 7.0.67

2016-03-29 Thread Utkarsh Dave
Hi Violeta, Our application has a very similar problem after upgrade to tomcat 7.0.67/68 and it seems space in between url attributes was the issue while using response.sendRedirect. Currently we have held off the upgrade until all web application teams find the affected pages and rectify their

Re: Time zone in all web application pages revert to UTC !

2016-03-23 Thread Utkarsh Dave
d that why suddenly when everything works fine, one odd day the UTC time zone starts displaying. On Tue, Mar 22, 2016 at 8:25 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Utkarsh, > > On 3/22/16 2:40 AM, Utkarsh Dave wrote: > > We are having this weird issue

Time zone in all web application pages revert to UTC !

2016-03-22 Thread Utkarsh Dave
Hi Users and Tomcat team, We are having this weird issue seen in all the web application pages where time gets changed to UTC after some days. As a workaround it works fine until Tomcat is restarted, but after some days time in UTC is seen again. This is regardless of any time/time zone

Re: Enabling SSLv2 on Tomcat 7 !

2016-02-21 Thread Utkarsh Dave
SSLv2Hello handshake started failing in newer versions of tomcat On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Utkarsh, > > On 2/19/16 7:05 AM, Utkarsh Dave wrote: >

Enabling SSLv2 on Tomcat 7 !

2016-02-19 Thread Utkarsh Dave
I upgraded my tomcat from 7.0.53 (that was having SSL protocols enabled) to 7.0.67 (that has by default SSL protocols disabled). To re-enable support for SSLv3 and SSLv2, I modified the server.xml inside $TOMCAT_HOME/conf to replace sslProtocol="TLS" with sslEnabledProtocols="SSLv2,SSLv3,TLSv1" I

Question related to Session management in Tomcat !

2015-11-25 Thread Utkarsh Dave
session ID to keep authentication state and track user progress within a web application, the application MUST treat the session ID as untrusted data, and sanitize and validate it before use. Thanks a lot for your time. Utkarsh Dave

Re: Question related to Session management in Tomcat !

2015-11-25 Thread Utkarsh Dave
Thank You Mark On Wed, Nov 25, 2015 at 4:39 PM, Mark Thomas <ma...@apache.org> wrote: > On 25/11/2015 10:50, Utkarsh Dave wrote: > > Hello, > > > > I need inputs/answers on below points to implement a secure session > > management application > > Or if th

Can we have number of RequestDispatcher (busy) logged in log files !

2015-11-06 Thread Utkarsh Dave
Hello, In tomcat 7 I wanted to know if there is a way we can log the number of request dispatcher threads used/busy/blocked, in log files. Or is there a mechanism that logs the number of request threads so that user can be warned about the request dispatcher threads if too many are being in busy

Tomcat manager application not using custom ErrorReportingValve !

2015-07-30 Thread Utkarsh Dave
Hi All, My application has a custom reporting valve in server.xml <Host appBase="webapps" autoDeploy="true" deployOnStartup="false" errorReportValveClass="com.path.valves.CustomErrorReportValve" name="localhost" unpackWARs="true"> But when I try to access https://server/manager I get normal error

Re: Tomcat manager application not using custom ErrorReportingValve !

2015-07-30 Thread Utkarsh Dave
Thanks a lot Mark. On Thu, Jul 30, 2015 at 11:50 AM, Mark Thomas ma...@apache.org wrote: On 30/07/2015 07:18, Utkarsh Dave wrote: Hi All, My application has a custom reporting valve in server.xml Host appBase=webapps autoDeploy=true deployOnStartup=false errorReportValveClass

Re: To log TLS sessions !

2015-02-15 Thread Utkarsh Dave
Thank you Christ. On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 2/13/15 12:39 AM, Utkarsh Dave wrote: Need your thoughts and comments on the requirement where we need to log/capture

Re: To log TLS sessions !

2015-02-13 Thread Utkarsh Dave
Thanks Chris. Any other thoughts? On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 2/13/15 12:39 AM, Utkarsh Dave wrote: Need your thoughts and comments on the requirement where we need

To log TLS sessions !

2015-02-12 Thread Utkarsh Dave
Hi all, Need your thoughts and comments on the requirement where we need to log/capture information when TLS sessions are setup, the logs will be logged to indicate successful or failed connection establishment or even connection being disconnected. RequestDumperFilter is one way but that will

Re: SSL issue in tomcat

2015-01-20 Thread Utkarsh Dave
I don't think you will achieve what you want to via disabling SSL protocol using sslEnabledProtocols. The vulnerability I think it is due to vulnerability in ssl 3.0 issue. will not stop access to the application. You may want to revert your changes back, and check the firewall settings or

Re: Can we Enable SSL protocol in Tomcat 7.0.57 ?

2015-01-06 Thread Utkarsh Dave
Thanks for the response. So would the desired changes in server.xml will be sslEnabledProtocols=SSL,TLS -Thanks Utkarsh On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas ma...@apache.org wrote: On 06/01/2015 07:46, Utkarsh Dave wrote: Hi Team, My project is planning to upgrade to Tomcat 7.0.57

Can we Enable SSL protocol in Tomcat 7.0.57 ?

2015-01-05 Thread Utkarsh Dave
to Tomcat 7.0.57, is there any similar configuration change available, through which we can re-enable SSL protocols again. Please let me know if my question is not clear. -Thanks Utkarsh Dave

Re: Unable to disable SSL in Tomcat 6 for poodle Vulnerability!

2014-11-12 Thread Utkarsh Dave
: On Sun, Nov 2, 2014 at 10:09 AM, Utkarsh Dave utkarshkd...@gmail.com wrote: Is there any other way to disable SSL in Tomcat 6. How many ways do you need? The process described in this thread works as indicated with 6.0.37. -- Hassan Schroeder hassan.schroe

Re: Unable to disable SSL in Tomcat 6 !

2014-11-02 Thread Utkarsh Dave
, 2014 at 4:47 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 11/1/14 3:33 PM, Utkarsh Dave wrote: Thanks for the response. I am testing using below steps. From another machine I am running this command: openssl

Re: Unable to disable SSL in Tomcat 6 !

2014-11-01 Thread Utkarsh Dave
SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 10/31/14 11:52 AM, Utkarsh Dave wrote: Nothing helped much. Please let me know how can i disable SSL in Tomcat 6.0.37. I tried below configuration in server.xml on Tomcat 6.0.37 Connector port=8443 protocol=org.apache.coyote.http11

Re: Unable to disable SSL in Tomcat 6 !

2014-10-31 Thread Utkarsh Dave
16:38, Utkarsh Dave wrote: Hello all, To avoid poodle vulnerability we are trying to disable SSL v3 and all its versions through below configuration. Connector port=8443 protocol=org.apache.coyote.http11.Http11Protocol maxThreads=150 SSLEnabled=true scheme=https secure

Unable to disable SSL in Tomcat 6 !

2014-10-30 Thread Utkarsh Dave
Hello all, To avoid poodle vulnerability we are trying to disable SSL v3 and all its versions through below configuration. <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"

Release plans of Tomcat 6.0.42/6.0.43

2014-08-26 Thread Utkarsh Dave
Hi, Can i please know when Tomcat 6.0.43 will be released or any plans of it? If not the date month in which it will be released? -Thanks Utkarsh Dave

How can we configure deployXML=true in security manager ?

2014-08-14 Thread Utkarsh Dave
We upgraded from Tomcat 7.0.41 to tomcat 7.0.53. We are starting the Tomcat as -security so as to enable security manager. I also see the changelog of 7.0.48 mentioning about this change When running under a security manager, change the default value of the Host's deployXML attribute to false. add

Handshake Failure error !

2014-07-09 Thread Utkarsh Dave
Hi, We are running Tomcat 6.0.37 and Java JDK 1.6.0_60. We recently upgraded to JDK 1.6.0_75 and received below error at several places javax.net.ssl.SSLException: Fatal Alert received: Handshake Failure We debugged and after analysis found that if we remove below 3 cipher suites from server.xml

Release date of Tomcat 6.0.42 ?

2014-06-17 Thread Utkarsh Dave
Can i please know when Tomcat 6.0.42 will be released. If not exact an estimation will also help. -Thanks Utkarsh

NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver Error while building project after Tomcat upgrade to 7.0.53 from 7.0.41 !

2014-05-16 Thread Utkarsh Dave
I am trying to upgrade my Tomcat from 7.0.41 to the latest release 7.0.53 available and the project build failed with below error. java.lang.NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver at org.apache.jasper.xmlparser.ParserUtils.init(ParserUtils.java:69)

NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver Error while building project after Tomcat upgrade to 7.0.53 from 7.0.41 !

2014-05-16 Thread Utkarsh Dave
I am trying to upgrade my Tomcat from 7.0.41 to the latest release 7.0.53 available and the project build failed with below error. java.lang.NoClassDefFoundError: org/apache/tomcat/util/descriptor/LocalResolver at org.apache.jasper.xmlparser.ParserUtils.init(ParserUtils.java:69)

Re: Catalina start problem

2014-04-04 Thread Utkarsh Dave
I once received similar exception while starting tomcat, but i was trying to modify the web.xml with incorrect tags. Try to get the thread dumps and track the changes that were performed before your attempt to start tomcat. On Wed, Apr 2, 2014 at 1:53 PM, Neeraj Sinha

Can we increase the logging in localhost_access.log

2014-03-25 Thread Utkarsh Dave
Hi, We are using Tomcat 7.0.41. One of my customers faces 404 error while accessing the web application. This continues for some time and goes away automatically without giving us time to debug. We don't have any other clue. Everything else works fine. All services are running great. No issue with

Issue while configuring CSRFPreventionFilter !

2014-03-21 Thread Utkarsh Dave
Hi all, I am trying to configure the Tomcat inbuilt filter (tomcat.valves.CiscoResponseHeaderFilter) into my $TOMCAT_HOME/conf/web.xml <filter> <filter-name>CSRF</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param>

Re: Issue while configuring CSRFPreventionFilter !

2014-03-21 Thread Utkarsh Dave
. ? I want to do it in this file because I don't want my 50 + webapps to modify their respective web.xml file. Rather we can configure them at 1 common place. -Thanks Utkarsh On Fri, Mar 21, 2014 at 12:17 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-03-21 10:09 GMT+04:00 Utkarsh

Re: Tomcat 6 vs. Tomcat 7 vs Cisco Load Balancer vs Java Applet

2014-03-04 Thread Utkarsh Dave
Did you try generating / regenerating your certificates? Once done put it under your security directory within your jdk home On Tue, Mar 4, 2014 at 11:10 PM, Bill Davidson bill...@gmail.com wrote: We tried to upgrade a production server to Tomcat 7 yesterday and it broke our printing applet

Error while upgrading to Tomcat 7.0.52

2014-03-03 Thread Utkarsh Dave
is not yet available. Can you please let me know how I can proceed with this. If in case you need further details please let me know or feel free to reach to me in India IST. -Utkarsh Dave +919739903066 Technical Lead Infosys Limited at Cisco. e-city, Bangalore. India

Re: Error while upgrading to Tomcat 7.0.52

2014-03-03 Thread Utkarsh Dave
To be more specific, i upgraded Tomcat in my application from Tomcat 7.0.41 to 7.0.52. Quick response is appreciable as the build process is on hold critical services are shut down. -Thanks On Mon, Mar 3, 2014 at 3:39 PM, Utkarsh Dave utkarshkd...@gmail.com wrote: Hi, I upgraded my

Re: Error while upgrading to Tomcat 7.0.52

2014-03-03 Thread Utkarsh Dave
. Do you see any issue if we adopt this approach. -Thanks Utkarsh On Mon, Mar 3, 2014 at 4:16 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-03-03 14:28 GMT+04:00 Utkarsh Dave utkarshkd...@gmail.com: To be more specific, i upgraded Tomcat in my application from Tomcat 7.0.41

Re: Error while upgrading to Tomcat 7.0.52

2014-03-03 Thread Utkarsh Dave
Hi Prashant - I assume there will not be any consequence of replacing validateXML with validateTld? -Thanks for the quick response. -Utkarsh On Mon, Mar 3, 2014 at 4:19 PM, Prashant Kadam prashantkada...@gmail.com wrote: On Mon, Mar 3, 2014 at 3:58 PM, Utkarsh Dave utkarshkd...@gmail.com