-mail to [EMAIL PROTECTED] explaining
how this may be accomplished and how one can protect himself from such
exposure.
Regards,
Rossen Raykov
-Original Message-
From: John H [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 1:32 PM
To: Tomcat Users List
Subject: Re: Extending
If you are using apache or another web server as front-end you may do that
mapping on the web server level.
Regards,
Rossen Raykov
-Original Message-
From: Ben Janes [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 10:32 AM
To: Tomcat Users List
Subject: Re: Multiple Paths
moved to Jakarta Tomcat connectors jk-1.2.0 (released
last week) and so far I didn't have time to observe the new system
behavior.
Regards,
Rossen Raykov
-Original Message-
From: Chris Read [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 01, 2002 5:09 AM
To: 'Tomcat Users List
1. Pass a session token as a parameter (get or post) to all the pages.
2. If your pages are exclusively accessible by SSL connections use the SSL
session ID.
Regards,
Rossen
-Original Message-
From: Alfonso Martinez [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 4:28 PM
You have to use Content-Disposition header.
Try something like:
Content-Disposition: attachment; filename=fname.pdf
Regards,
Rossen Raykov
-Original Message-
From: Philippe de M. Sevestre [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 4:49 PM
To: Tomcat Users List
Cc
Do not mount /servlet/* but only the servlets that your application is really
using.
Regards,
Rossen Raykov
-Original Message-
From: Ramilio D [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 12:30 AM
To: [EMAIL PROTECTED]
Subject: Tomcat Security Problem Help (using
.
That's why I believe Velocity should suffer from this bug in the same way
JSP does.
I didn't test Velocity but there is not any reason that it will be resistant
to this exposure.
Regards,
Rossen Raykov
-Original Message-
From: Kent Perrier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September
-resource-collection
<auth-constraint>
<role-name></role-name>
</auth-constraint>
</security-constraint>
See the server's documentation for more details.
Regards,
Rossen Raykov
PS. Special thanks to the Tomcat development team for their quick response.
---
Rossen Raykov
COGNICASE U.S.A. Inc
-constraint
You can try and test any of them at your own risk.
Regards,
Rossen Raykov
-Original Message-
From: John Trollinger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 1:33 PM
To: 'Tomcat Users List'
Subject: RE: tomcat 4.1.12
Map the servlet to a known name using
The problem is not connected directly to the JSPs or the jsp engine.
It's the default servlet that has the problem.
I didn't test it but I believe using this vulnerability one can get Velocity
also.
What he will find inside - depends only on the programmers/designers in both
cases.
Regards,
See the original posting on Bugtraq for more details
http://online.securityfocus.com/archive/1/292936/2002-09-21/2002-09-27/0
Regards,
Rossen Raykov
-Original Message-
From: Tim Moore [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 5:34 PM
To: Tomcat Users List
Change the startup script to use the 64-bit data model (use java's -d64
option).
You may need to install it if you do not have it already.
Regards,
Rossen Raykov
-Original Message-
From: Xiaoyu Zhang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 17, 2002 12:04 PM
To: [EMAIL
these POST problems occur. I don't know
what the source of the problem is, perhaps the remote client
is aborting
the connection before the POST completes? If you find out
the source of
the problem please let me know!
Regards,
Glenn
Rossen Raykov wrote:
I have Tomcat 4.0.4/Struts 1.0.2
then
cause the AJP
Processor read to fail.
Regards,
Glenn
Rossen Raykov wrote:
I suspected that this may be related to that old issue
since it disappeared
after the upgrade to 4.0.4.
I believe it is connected to the ajp13 protocol but I can
not prove it.
The strangest thing
Mark,
Try to use -webinc option and include generated web.xml in the application's
deployment descriptor.
This will map all the generated Java classes to the corresponding JSP URLs.
Regards,
Rossen
-Original Message-
From: Mark O'Driscoll [mailto:[EMAIL PROTECTED]]
Sent: Monday,
Unix permissions do take precedence over java security policy.
Regards,
Rossen
-Original Message-
From: Richard Smith [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 18, 2002 11:12 PM
To: [EMAIL PROTECTED]
Subject: tomcat/unix security manager questions
Hi All,
Just
Try something like:
<property name="build.compiler" value="jikes"/>
<path id="compile.classpath">
<pathelement location="${java.home}/jre/lib/rt.jar"/>
<pathelement location="${java.home}/lib/tools.jar"/>
<pathelement location="${tomcat.lib}/jasper-compiler.jar"/>
pathelement
with -dd)!
Also it looks like the usage of -v option doesn't change anything.
Regards,
Rossen
---
Rossen Raykov
COGNICASE U.S.A. Inc.
(908) 860-1100 Ext. 1140
[EMAIL PROTECTED]
page, it works fine.
cheers
Chris
-Original Message-
From: Rossen Raykov [mailto:[EMAIL PROTECTED]]
Sent: 03 June 2002 18:08
To: 'Tomcat Users List'
Subject: RE: request.getReader() hanging
Can you reproduce it?
Does it utilize the whole available CPU?
Rossen
-Original Message-
From: Rossen Raykov [mailto:[EMAIL PROTECTED]]
Sent: 05 June 2002 17:01
To: 'Tomcat Users List'
Cc: '[EMAIL PROTECTED]'
Subject: RE: request.getReader() hanging
The problem is that ajp13 does not serve servlets and JSP
Can you reproduce it?
Does it utilize the whole available CPU?
Rossen
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 1:21 PM
To: [EMAIL PROTECTED]
Subject: request.getReader() hanging
hi all
recently upgraded, or attempted to
Hi there,
I'm having a very similar problem on Solaris 8, JDK 1.3.1_01 and Tomcat 4.0.3.
It was even worse with JDK 1.3.1_03-b03 since java was crashing with bug
report info.
I spent some time investigating the problem and I discovered the following:
1. apache's CPU usage grows as it is possible;
2.
I'm trying to use jikes as a JSP compiler in Tomcat 4.0.3 but it is
receiving extra parameter -encoding UTF8 which is breaking the compilation
process.
I'm using JDK 1.3.1_01 on Solaris 8 but the same result I had also with JDK
1.4.0.
In my per server web.xml I have:
-- CUT ---
servlet
Hi All,
I noticed that tomcat4 is not serving all requests.
The count of the requests served by it (reported in the access log file and
also by RequestDumper) is smaller than the real one.
I verified it using ngrep.
It looks like it is not serving about 40% of the requests for static
content (gif