[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36 I tried to send a request using chunked transfer encoding with a web proxy (Burp proxy) but I think I am making a

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread André Warnier
wastasy wrote: Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36 I tried to send a request using chunked transfer encoding with a web proxy (Burp proxy) but I think I

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 08:38, wastasy wrote: Hi everyone, I am testing an Apache Tomcat server 6.0.36 on Ubuntu Linux OK. I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36 Why? I tried to send a request using chunked transfer encoding with a web

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36 Why? 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability 2- I am inquiring and I want to see with my eyes 3- I want to learn more about HTTP and Apache Tomcat 4- Why

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 10:00, wastasy wrote: I would like to reproduce CVE-2012-3544 Denial of Service Vulnerability with Apache Tomcat 6.0.36 Why? 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability Why? It is already known, published fact that it has one. 2- I am

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread wastasy
1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability Why? It is already known, published fact that it has one. The extreme value theorem is already known too but millions of students around the world have\want to prove it. 4- Why not? There are lots of good reasons

Re: [SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited

2013-08-27 Thread Mark Thomas
On 27/08/2013 10:45, wastasy wrote: 1- I have\want to demonstrate, Apache Tomcat 6.0.36 has a DoS vulnerability Why? It is already known, published fact that it has one. The extreme value theorem is already known too but million of students around the world have\want to prove it. 4- Why

Re: Having trouble with common.loader

2013-08-27 Thread D C
Thank you all for your help. I figured out what the problem was. I accidentally made logging.properties and catalina.properties owned by root:root with 640 permissions. Changed to root:tomcat, and everything worked right away.

session-replication fails on restart or kill

2013-08-27 Thread Tomcat Random
Tomcat 7.0.42 / RHEL 6 / Two physical servers, with one tomcat instance on each server. Physical loadbalancer with sticky sessions. No proxy servers. I've set up session-replication using the delta-manager. I can confirm it works just lovely when the LB switches over from one box to the other.

Question about usernames being case insensitive

2013-08-27 Thread Michael Spring
I have observed using tomcat 7.027 and 6.026 an issue with BASIC authentication. My intent was to have both user names and passwords be case sensitive. I know of nothing I did that would change that. The database table is plain vanilla. Passwords are case sensitive, but upper or lower case

Re: Question about usernames being case insensitive

2013-08-27 Thread Daniel Mikusa
On Aug 27, 2013, at 2:52 PM, Michael Spring spr...@pitt.edu wrote: I have observed using tomcat 7.027 and 6.026 an issue with BASIC authentication. My intent was to have both user names and passwords be case sensitive. I know of nothing I did that would change that. The database table is

RE: Question about usernames being case insensitive

2013-08-27 Thread Propes, Barry L
-Original Message- From: Daniel Mikusa [mailto:dmik...@gopivotal.com] Sent: Tuesday, August 27, 2013 2:22 PM To: Tomcat Users List Subject: Re: Question about usernames being case insensitive On Aug 27, 2013, at 2:52 PM, Michael Spring spr...@pitt.edu wrote: I have observed using

Re: Question about usernames being case insensitive

2013-08-27 Thread David kerber
On 8/27/2013 3:26 PM, Propes, Barry L wrote: -Original Message- From: Daniel Mikusa [mailto:dmik...@gopivotal.com] Sent: Tuesday, August 27, 2013 2:22 PM To: Tomcat Users List Subject: Re: Question about usernames being case insensitive On Aug 27, 2013, at 2:52 PM, Michael Spring

Re: Question about usernames being case insensitive

2013-08-27 Thread Michael Spring
All three responses are exactly right. I checked my script and assumed -- and we know what happens when you do that -- that since I had made no specification for case insensitive that it would be case sensitive. It wasn't. I will go see why MYSQL is doing that and make the change there. Thank

RE: Question about usernames being case insensitive

2013-08-27 Thread Propes, Barry L
-Original Message- From: Michael Spring [mailto:spr...@pitt.edu] Sent: Tuesday, August 27, 2013 2:35 PM To: Tomcat Users List Subject: Re: Question about usernames being case insensitive All three responses are exactly right. I checked my script and assumed -- and we know what happens

Re: Question about usernames being case insensitive

2013-08-27 Thread Christopher Schultz
Michael, On 8/27/13 2:52 PM, Michael Spring wrote: I have observed using tomcat 7.027 and 6.026 an issue with BASIC authentication. My intent was to have both user names and passwords be case sensitive. I know of nothing I did that would change

Re: what if I lost the keystore which generate the CSR

2013-08-27 Thread Christopher Schultz
Jasper, On 8/23/13 1:06 AM, Jasper Lai wrote: Sorry I am a beginner about ssl cert. according to http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Create_a_local_Certificate_Signing_Request_(CSR) it will gen a keystore and CSR.

Re: manager quick guide

2013-08-27 Thread Christopher Schultz
Vicki, On 8/22/13 8:24 AM, vi...@thepenguin.org wrote: I am trying to understand how the manager works, so I just want to implement it simply with a blank tomcat and the sample.war. I am finding the documentation to be unclear, although it is

Re: session-replication fails on restart or kill

2013-08-27 Thread Tomcat Random
In a great moment of DUH, I realized I had expireSessionsOnShutdown set to true. <Manager className="org.apache.catalina.ha.session.DeltaManager" expireSessionsOnShutdown="false" notifyListenersOnReplication="true"/> All working nicely now.

Re: session-replication fails on restart or kill

2013-08-27 Thread Mark Thomas
On 27/08/2013 22:41, Tomcat Random wrote: In a great moment of DUH, I realized I had the expireSessionsOnShutdown to true. Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false

Re: Question about usernames being case insensitive

2013-08-27 Thread Michael Spring
Christopher: Thank you for your very comprehensive and thoughtful answer. We have at this point come to all the points you so eloquently make. We need to do a little DBMS modification to allow tomcat to do what we expect. Your detail will help us make those modifications in the correct way. I

Re: session-replication fails on restart or kill

2013-08-27 Thread Tomcat Random
NP, glad to contribute a little. The FAQ was helpful but it's a little confusing. I'd like to clean it up and add to the part that specifically addresses two boxes two nodes on Linux. Would that be alright? Thanks, Alec On Tue, Aug 27, 2013 at 5:52 PM, Mark Thomas ma...@apache.org wrote: On