Question concerning mod_jk Security Fix CVE-2014-8111

2015-06-08 Thread Kreuser, Peter
Hi, could you please tell us, when the fixed mod_jk-Version 1.2.41 will be publicly available? The webpage does not mention any vulnerability at all, plus no newer release than the vulnerable 1.2.40. For now RedHat mentions only the fix to the source code from December 2014.

Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-16 Thread Kreuser, Peter
Please let me repeat my question from June 6th: Why is this CVE still not addressed in Apache Tomcat JK Connectors vulnerabilities http://tomcat.apache.org/security-jk.html? http://www.cvedetails.com/cve/CVE-2014-8111/ - Hi, could you please tell us, when the

AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-20 Thread Kreuser, Peter
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, 17 July 2015 12:33 To: Tomcat Users List Subject: Re: Question concerning mod_jk Security Fix CVE-2014-8111 On 16/07/2015 13:16, Kreuser, Peter wrote: Please let me repeat my question from

Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-25 Thread Kreuser, Peter
Hi there, I have set up Tomcat 8.5 with the all new SSL Config and HTTP/2. To test the setup I use testssl.sh (https://testssl.sh). The scan is successful, also stating HTTP/2 is working. So far so good. However I see the following exception in the Logs: 25-Apr-2016 17:36:16.697 SEVERE

AW: Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

2016-04-27 Thread Kreuser, Peter
was fine On 27/04/2016 10:39, Kreuser, Peter wrote: > Hi all, > > I have a strange problem with Tomcat 8.5. Using the exact same setup as > Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to > B because of a missing intermediate certificate. http://sv

Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

2016-04-27 Thread Kreuser, Peter
Hi all, I have a strange problem with Tomcat 8.5. Using the exact same setup as Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to B because of a missing intermediate certificate. I have the two versions working side by side on two ports. Openssl on the two

AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-27 Thread Kreuser, Peter
Mark, I read that you ported all the new SSL functionality to 8.5, so my first guess was, that if that problem was new, you might want to know what's wrong ;-). >On 25/04/2016 17:10, Kreuser, Peter wrote: >> Hi there, >> >> I have set up Tomcat 8.5 with the all new

AW: AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-27 Thread Kreuser, Peter
> >-Original Message- >On 27/04/2016 10:01, Kreuser, Peter wrote: >> Mark, >> >> I read that you ported all the new SSL functionality to 8.5, so my first >> guess was, that if that problem was new, you might want to know what's wrong >> ;-

AW: AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-28 Thread Kreuser, Peter
Mark, > >On 27/04/2016 10:01, Kreuser, Peter wrote: >> Mark, >> >> I read that you ported all the new SSL functionality to 8.5, so my first >> guess was, that if that problem was new, you might want to know what's wrong >> ;-). >> >>>

AW: Operation has timed out

2017-02-07 Thread Kreuser, Peter
Fady, Sorry for top posting. If I remember correctly, the Cluster Element goes into the Container and not the Host. Plus I see in our (working) case, a DeltaManager and a JvmRouteSessionIDBinderListener ... Besides this, only ports, limits and values are different. You may

AW: https redirect failed for POST request when behind a load balancer

2017-01-23 Thread Kreuser, Peter
eter > > Bin > > -Original Message- > From: Kreuser, Peter [mailto:pkreu...@airplus.com] > Sent: Friday, January 20, 2017 1:43 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: AW: https redirect failed for POST request when behind a load >

AW: https redirect failed for POST request when behind a load balancer

2017-01-25 Thread Kreuser, Peter
en after that all links, forms will be on https. Best regards Peter > Our engineer who has access to the load balancer is off today, will get some > log info on the load balancer side about the redirect. > > Thank you, > > Bin > > -Original Message- > From: Kreu

AW: https redirect failed for POST request when behind a load balancer

2017-01-24 Thread Kreuser, Peter
Bin, > Peter: > To answer your questions > 1. The response header when using 8080 to post, I got: > > Status Code: 405 Method Not Allowed > Allow: POST > Cache-Control: private > Content-Language: en > Content-Length: 1045 > Content-Type: text/html;charset=utf-8 >

AW: https redirect failed for POST request when behind a load balancer

2017-01-20 Thread Kreuser, Peter
Hi Bin > Konstantin: > Thank you very much for your reply. To answer your question > > 1. The api-lb and lb-api was a typo. > > 2. I was able to reproduce this problem with a single server behind the > load balancer. > Where http://lb-test-api:8080 was set to forward to

AW: A way for user to specify DH parameter to tomcat !

2016-08-19 Thread Kreuser, Peter
Hi Utkarsh >From: Utkarsh Dave [mailto:utkarshkd...@gmail.com] >Sent: Thursday, 18 August 2016 08:18 >To: Tomcat Users List >Subject: Re: A way for user to specify DH parameter to tomcat ! > >Thanks a lot Chris and Violeta. > >On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave

AW: 8.5.3 to 8.5.4 SSL Issue

2016-08-22 Thread Kreuser, Peter
Chuck, > > Hello, > > I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL. It seems > that my config from 8.5.3 is not working with 8.5.4 when using the same > exact file. The majority of the server.xml is stock, but here what I > manually have changed and it is where I am

AW: Restrict access to manager app by IP

2016-09-02 Thread Kreuser, Peter
Hi Yuval, > -Original Message- > From: Yuval Schwartz [mailto:yuval.schwa...@gmail.com] > Sent: Friday, 2 September 2016 13:28 > To: Tomcat Users List > Subject: Restrict access to manager app by IP > > Tomcat: 8.0.22 > JDK: 1.8.0_05 > > Hello, > > I am currently running

AW: AW: TCNative 1.2.8 with openssl 1.1.0

2016-09-01 Thread Kreuser, Peter
Chris, > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 8/31/16 7:21 AM, Mark Thomas wrote: > > On 31/08/2016 12:18, Kreuser, Peter wrote: > >> > >> Christopher, > >> > >>> On 8/30/16 10:18 AM, Kreuser, Pete

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter
> On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it > is > linked). I have set the cipher string to the newly supported ciphers: > > > ciphers="ECDH

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-31 Thread Kreuser, Peter
Mark, > On 31/08/2016 12:18, Kreuser, Peter wrote: > > > Christopher, > > On 8/30/16 10:18 AM, Kreuser, Peter wrote: > > On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd >

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-31 Thread Kreuser, Peter
Christopher, > On 8/30/16 10:18 AM, Kreuser, Peter wrote: > > On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd > proves that it is linked). I have set the cipher string to the > newly supp

TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter
Hi all, I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it is linked). I have set the cipher string to the newly supported ciphers: ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-

AW: Tomcat 8 HTTPS issue with old browser

2016-10-05 Thread Kreuser, Peter
Objections Chris, > André, > > On 10/4/16 7:59 AM, André Warnier (tomcat) wrote: > > On 04.10.2016 12:43, Garratt, Dave wrote: > >> To elaborate, there is only this single application running on > >> the server. All other web applications use Windows IIS. > >> > >> I have mentioned that the

AW: Tomcat 8 HTTPS issue with old browser

2016-10-04 Thread Kreuser, Peter
Dave, > The requirement for HTTPS is only a recent requirement and the application is > now heavily dependent on Java 8. At this point I don’t know just how old a > version of Tomcat I would need to make it work and I would have to make > significant changes to the code in order to make it

AW: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names

2016-09-21 Thread Kreuser, Peter
Roman, > On 21/09/2016 11:22, Román Valoria wrote: > > Before anyone tells me, I cannot upgrade either Tomcat or Java to the > > latest major release. > > > > My setup is running on Windows Server 2008 R2 64-bit OS. > > What configuration have you tried? > > How do you know it didn't work? >

AW: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names

2016-09-21 Thread Kreuser, Peter
Roman, >I know it did not work because as soon as I add the ciphers entry to the >SSL HTTPS connector in the server.xml file, it tells me that value is not >supported. > >On Wed, Sep 21, 2016 at 6:45 PM, Mark Thomas wrote: > >> On 21/09/2016 11:22, Román Valoria wrote: >> >

AW: 8.5.4 to 8.5.5 SSL Issue

2016-10-25 Thread Kreuser, Peter
Dear all, > On Sun, Oct 23, 2016 at 3:15 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > >

Mod_jk 1.2.42 fails at startup with shared memory failure

2016-10-12 Thread Kreuser, Peter
Hi all, Hi Mark, I see one change in the newest mod_jk (see below), that stops Apache in my configuration: The discussion on this bug is valid https://bz.apache.org/bugzilla/show_bug.cgi?id=59184, however I would like to see an explanation of why the shm may fail! Docker 1.12 Debian Stretch

AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Kreuser, Peter
Hi Abishek, > -Original Message- > From: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Sent: Tuesday, 10 January 2017 12:17 > To: users@tomcat.apache.org > Subject: Vulnerability Issue with Apache Tomcat

AW: Apache Tomcat/8.0.36 HTTPS implementation - Red Hat Enterprise Linux Server release 6.8 (Santiago)

2017-03-28 Thread Kreuser, Peter
Hi Eric, > Dear all, > > > I need to implement secure connection within tomcat. That's why I need to > implement certificate on tomcat. > I've made a CSR in order for my company to provide me certificates and CA. > I've implemented the configuration in TOMCAT to activate https to use my >

AW: sendFiles vs. compression

2017-04-18 Thread Kreuser, Peter
Hi Cris, > Excellent information. Thank you! > > Is there a way to create a split point where sendFile will handle files of > certain mime types (or all mime-types except for an exclusion list of mime > types) and/or of certain sizes while compression will handle files of other > mime-types

[2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-11 Thread Kreuser, Peter
I'm glad that we get so well over serious problems. Made my day :-) ! PS: André: Sorry for the top post. PPS: James: I still can't get over it, that you run Tomcat on AS400, my first contact to production systems back in '90. -Original Message- From: André Warnier (tomcat)

AW: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-10 Thread Kreuser, Peter
Hi all, >-Original Message- >From: André Warnier (tomcat) [mailto:a...@ice-sa.com] >Sent: Thursday, 10 August 2017 11:34 >To: users@tomcat.apache.org >Subject: Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It >can't be reached from outside the box.

AW: Response cut off after 10 seconds when using NIO2 connector

2017-07-12 Thread Kreuser, Peter
Hi Matt, > -Original Message- > From: Matt Cosentino [mailto:mcosent...@cacorp.com] > Sent: Tuesday, 11 July 2017 19:35 > To: Tomcat Users List > Subject: Response cut off after 10 seconds when using NIO2 connector > > I'm using Tomcat 8.5.16 with

AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Kreuser, Peter
Hi (WhoEverYouMayBe - you may want to sign with a name???), > Server version:Apache Tomcat/8.5.11 > Server built: Jan 10 2017 21:02:52 UTC > Server number: 8.5.11.0 > OS Name: Linux > OS Version:3.10.0-514.16.1.el7.x86_64 > Architecture:

AW: how to upgrade tomcat 8.5.x?

2017-05-16 Thread Kreuser, Peter
Igal, -Original Message- > From: Igal @ Lucee.org [mailto:i...@lucee.org] > Sent: Tuesday, 16 May 2017 16:44 > To: Tomcat Users List; modjkl...@comcast.net > Subject: Re: how to upgrade tomcat 8.5.x? > > On 5/16/2017 6:37 AM, modjkl...@comcast.net wrote: > > I assume I need

JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-09 Thread Kreuser, Peter
Hi all, Sorry for the long text. I hope somebody can help me track down the problem I'm facing with Tomcat (8.5.15), tcnative (1.2.12), openssl (1.1.0e) and HTTP/2. JVM is zulu-8.21.0.1 (1.8.0_131-b11) I've added (already for a long time) the logging of the ssl_cipher to the accesslog. For

AW: JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-13 Thread Kreuser, Peter
Mark, > On 09/06/17 16:02, Kreuser, Peter wrote: > > Hi all, > > > > Sorry for the long text. I hope somebody can help me track down the problem > > I'm facing with Tomcat (8.5.15), tcnative (1.2.12), openssl (1.1.0e) and > > HTTP/2. JVM is zulu-8.21

AW: Connection pool issue was in with 7.0.52 version? And it is fixed in 7.0.78 version?

2017-06-19 Thread Kreuser, Peter
Sai, May I suggest that you update your production system and see if that helps? No matter if the problem is in the tomcat version or your software, Tomcat 7.0.52 is over three years old, and contains many security related problems. From the release notes I see also quite a few performance and