Re: Running two different version of tomcat on the same server

2012-11-22 Thread André Warnier
Kent Cole wrote: I did exactly that. I have tomcat 6.0.26 as my current production. I installed tomcat 7.0.32 to test my app on before migrating it. I have the following environmental variable in both .bash_profile and .bashrc CATALINA_HOME=/var/apache-tomcat-6.0.26 When I run ./startup.sh

RE: Apache Tomcat upgrade from 6.0.20 to 6.0.36

2012-11-22 Thread Pankaj Dahiya
Saw some links on internet. We will be making the upgrade on Linux. It was deployed long back so not sure how this was completed earlier. Regards, Pankaj Dahiya | Infosys, Chandigarh | +91 172 5021100 x 6536, +91 9646338213 | www.infosys.com -Original Message- From: André Warnier

Re: Apache Tomcat upgrade from 6.0.20 to 6.0.36

2012-11-22 Thread Pid *
Read the Tomcat docs for installation and install a new Tomcat alongside the old one. Compare the configuration, adjust the new one as required and as per the docs. NB don't blindly copy old config files. Stop the old one. Start the new one. Deploy your app to it. p On 22 Nov 2012, at

Re: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Pid *
On 22 Nov 2012, at 07:15, Sekar, Vasanth vasanth.se...@supervalu.com wrote: Hello- I am working on a project where we are migrating a web app from JRUN 4.0 to Tomcat 6.0 and facing some sort of caching problem with one of the functionality. You refer to Tomcat 6.0.18 in the subject, why

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Pid *
On 22 Nov 2012, at 07:34, Aditi Sinha adisinha0...@gmail.com wrote: Hi Mark, Chuck, Thanks for the explanation. On checking found that, below system properties are set to true by our application for a requirement. org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:

Re: Page not redirected after waitFor() call on Process object.

2012-11-22 Thread Konstantin Kolinko
2012/11/21 Andrei Petru Mura mapand...@gmail.com: Hello, My issue can be related to Servlets, but it also can be related to Tomcat. I'm using tomcat 7.0.27. In my servlet's post method I have the following: protected void doPost(HttpServletRequest request, HttpServletResponse response)

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread André Warnier
If you top-post (which is strongly discouraged on this list), it makes it very difficult to answer your questions and still leave the whole thing understandable for other people who may try to follow this thread. Aditi Sinha wrote: Hi Mark, Chuck, Thanks for the explanation. On checking

Re: Page not redirected after waitFor() call on Process object.

2012-11-22 Thread Andrei Petru Mura
On Thu, Nov 22, 2012 at 10:33 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2012/11/21 Andrei Petru Mura mapand...@gmail.com: In my servlet's post method I have the following: protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,

AW: Running two different version of tomcat on the same server

2012-11-22 Thread Stadelmann Josef
At the risk of missing something, if we run 2 tomcats, we have two JVMs running, AND each is listening on a set of exactly defined ports, this as per the tomcat xml files used to configure each tomcat. How about that? On which port do you intend to talk to tomcat-6.0.26 and on which port do you

Re: tagging log messages

2012-11-22 Thread Konstantin Kolinko
2012/11/21 Johan Gunnarsson johan.gunnars...@init.se: Is there some way to tag log messages in log4j.properties depending on different criteria? Today I am splitting up the files like this: log4j.category.foo.bar=WARN, ALOG, CATCHALL

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Aditi Sinha
Hi Andre, Agree with your points. Just wanted to know more about “Directory Traversal Attack”. Can it lead to access of directories outside Tomcat/webapps folder also or can it just try to access the applications within Tomcat/webapps folder only? Thanks Regards, Aditi

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Athanasios Kostopoulos
On 22/11/12 10:52, Aditi Sinha wrote: Hi Andre, Agree with your points. Just wanted to know more about “Directory Traversal Attack”. Can it lead to access of directories outside Tomcat/webapps folder also or can it just try to access the applications within Tomcat/webapps folder only?

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread André Warnier
Athanasios Kostopoulos wrote: On 22/11/12 10:52, Aditi Sinha wrote: Hi Andre, Agree with your points. Just wanted to know more about “Directory Traversal Attack”. Can it lead to access of directories outside Tomcat/webapps folder also or can it just try to access the applications within

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Aditi Sinha
Thanks Guys. As per my reading of the suggested material and looking at the logs that Andre has shared, I think there are two ways in which the directory traversal attack could be made. 1. By having ..\ equivalents in the URL itself 2. By having ..\ equivalents in the request parameters. In my

RE: Apache Tomcat upgrade from 6.0.20 to 6.0.36

2012-11-22 Thread Caldarale, Charles R
From: Pankaj Dahiya [mailto:pankaj_dah...@infosys.com] Subject: RE: Apache Tomcat upgrade from 6.0.20 to 6.0.36 Don't top post. Saw some links on internet. Why don't you use the proper documentation rather than search? There's a link on the Tomcat home page:

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread David Kerber
On 11/22/2012 8:35 AM, Aditi Sinha wrote: Thanks Guys. As per my reading of the suggested material and looking at the logs that Andre has shared, I think there are two ways in which the directory traversal attack could be made. 1. By having ..\ equivalents in the URL itself 2. By having ..\

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Mark Thomas
On 22/11/2012 15:11, David Kerber wrote: On 11/22/2012 8:35 AM, Aditi Sinha wrote: Thanks Guys. As per my reading of the suggested material and looking at the logs that Andre has shared, I think there are two ways in which the directory traversal attack could be made. 1. By having ..\

RE: Running two different version of tomcat on the same server

2012-11-22 Thread Kent Cole
Andrew, Your answer in the third part is what I wanted confirmation on. Thanks for the help and detailed answer, Kent -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, November 22, 2012 3:06 AM To: Tomcat Users List Subject: Re: Running two

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Sekar, Vasanth
Hi, Please see my inline comments. Thank you, Regards, Vasanth Sekar -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Thursday, November 22, 2012 1:28 AM To: Tomcat Users List Subject: Re: Tomcat 6.0.18 Caching Question On 22 Nov 2012, at 07:15, Sekar, Vasanth

Re: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Mark Thomas
On 22/11/2012 15:39, Sekar, Vasanth wrote: That's the standard version that we have inside our environment for Prod move at this point. Tomcat 7.0.8 build is underway but not in our Prod environment yet. So, for now I have to use the current standard version and hence using this particular

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread André Warnier
Aditi Sinha wrote: Thanks Guys. As per my reading of the suggested material and looking at the logs that Andre has shared, I think there are two ways in which the directory traversal attack could be made. 1. By having ..\ equivalents in the URL itself 2. By having ..\ equivalents in the

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Pid
On 22/11/2012 09:52, Aditi Sinha wrote: Hi Andre, Agree with your points. Just wanted to know more about “Directory Traversal Attack”. Can it lead to access of directories outside Tomcat/webapps folder also For the last time, this is in all probability a false positive due to a crappy

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Caldarale, Charles R
From: Sekar, Vasanth [mailto:vasanth.se...@supervalu.com] Subject: RE: Tomcat 6.0.18 Caching Question That's the standard version that we have inside our environment for Prod move at this point. Your upgrade strategy is very seriously flawed. Tomcat 7.0.8 build is underway but not in our

Re: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Pid
On 22/11/2012 16:29, Mark Thomas wrote: On 22/11/2012 15:39, Sekar, Vasanth wrote: That's the standard version that we have inside our environment for Prod move at this point. Tomcat 7.0.8 build is underway but not in our Prod environment yet. So, for now I have to use the current standard

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Sekar, Vasanth
I very well understand the point everyone is trying to make here. But, unfortunately I have to go with the approved version within our environment. I believe there were also talks about 7.0.26 but it will be quite some time before they pilot everything and approve the version for Prod usage

Re: [OT] Tomcat 6.0.18 Caching Question

2012-11-22 Thread André Warnier
Sekar, Vasanth wrote: I very well understand the point everyone is trying to make here. But, unfortunately I have to go with the approved version within our environment. I believe there were also talks about 7.0.26 but it will be quite some time before they pilot everything and approve the

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Sekar, Vasanth
I am trying to disable the caching under work/catalina - _jsp.java _jsp.class by doing the following In context added the following cachingAllowed = false parameter Context path=/test docBase=test cachingAllowed=false Deleted the work/catalina cache and restarted the tomcat

Using the Tomcat Native Library can only connect over ipv6 But not over ipv4

2012-11-22 Thread Zorro
Hi, I tried to use the Apache Tomcat Native Library 1.1.24 using APR version 1.4.6 with my Tomcat 7.0.32 server but after installing it I cannot connect over ipv4. Using Tomcat with the Native Library on Fedora 14 everything starts up fine. However a telnet 127.0.0.1 80 gives a 'Connection

two questions about websocket in tomcat7.0.30

2012-11-22 Thread Zane_Zhang
Dears, My PC environment is Windows XP Professional Version 2002 Service Pack 3, JDK1.6, Tomcat7.0.30. My Java web project is an internet online chat-room based on websocket. I run the local-host service in Tomcat and then connect my chat-room in chrome, if the connection between server and

Re: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Jukka Ruohonen
On Thu, Nov 22, 2012 at 04:49:42PM +, Pid wrote: Have you read the security vulnerability pages? Maybe he's emailing us from the year 2008. Maybe. That said, I am not too keen to see every other question on this list being turned into a question about upgrading. Most of the questions are

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Caldarale, Charles R
From: a b [mailto:jruoh...@gmail.com] On Behalf Of Jukka Ruohonen Subject: Re: Tomcat 6.0.18 Caching Question I am not too keen to see every other question on this list being turned into a question about upgrading. There are two significant reasons for sites to stay up to date on server

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Caldarale, Charles R
From: Sekar, Vasanth [mailto:vasanth.se...@supervalu.com] Subject: RE: Tomcat 6.0.18 Caching Question I am trying to disable the caching under work/catalina - _jsp.java _jsp.class by doing the following That's not caching; that's where the translated and then compiled JSP are placed as a

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Aditi Sinha
*Whether someone can get access to any file/directory outside the tomcat webapps folder using Style 1 (using ..\ equivalent in the URL itself) Directory traversal attack (scoped to Tomcat) on Windows.* Have you tried this? How does Tomcat respond? I tried to access some files outside the

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Aditi Sinha
For example, if inside of your webapps directory, you had symbolic links leading elsewhere (but I don't think that under Windows this works). *Inside webapps directory, we do not have any symbolic links.* In your normal setup, is there any front-end system in front of Tomcat, or do clients

Re: Need help to understand CVE-2007-0450

2012-11-22 Thread Aditi Sinha
Test it yourself. Are you able to access a directory or file below the level of the webapps directory, simply by using a specially crafted request? *With our testing could not access any files/directory outside webapps folder.* Thanks Regards, Aditi

Re: How to stop mod_jk.log in apache 2.2

2012-11-22 Thread lokesh borse
Hi, We are using Apache 2.2 installed on windows server 2008 Enterprise edition, 64 bit. I am extremely surprised that the log file mod_jk.log (Apache2.2/logs) is increasing so rapidly to 21 GB and I am having space issue due to the same. I did search on internet but could not find any useful.

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Sekar, Vasanth
All evidence at the moment indicates that your JSP code is the most likely suspect. Okay, I will scan through the logic in the code once again very closely. Like I said before the same code works fine in JRUN and also in Tomcat for the first time. This problem occurs only in Tomcat upon

Re: How to stop mod_jk.log in apache 2.2

2012-11-22 Thread Felix Schumacher
lokesh borse lokesh@gmail.com schrieb: Hi, We are using Apache 2.2 installed on windows server 2008 Enterprise edition, 64 bit. I am extremely surprised that the log file mod_jk.log (Apache2.2/logs) is increasing so rapidly to 21 GB and I am having space issue due to the same. I did

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Mark Thomas
Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: a b [mailto:jruoh...@gmail.com] On Behalf Of Jukka Ruohonen Subject: Re: Tomcat 6.0.18 Caching Question I am not too keen to see every other question on this list being turned into a question about upgrading. There are two

RE: Tomcat 6.0.18 Caching Question

2012-11-22 Thread Mark Thomas
Sekar, Vasanth vasanth.se...@supervalu.com wrote: All evidence at the moment indicates that your JSP code is the most likely suspect. Okay, I will scan through the logic in the code once again very closely. A better idea would be to create the simplest possible JSP that reproduces the