Issues with accessing Apache Httpd Modules

2016-11-27 Thread kruthika.krishnan
Hi, I am trying to access the Apache HTTPD modules for Apache version 2.4 through the URL http://modules.apache.org/ It shows an error: Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Is

Re: Thread-safety of javax.servlet.Servlet#getServletConfig()

2016-11-27 Thread andreas
On Fri, 25 Nov 2016 23:02:00 +0930 Péter Gergely Horváth wrote >Hi All, > >I am wondering why calling javax.servlet.Servlet#getServletConfig() is >thread safe: if you check the implementation in > javax.servlet.GenericServlet from servlet API 3.0.1, you see the following: >

Re: [SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure

2016-11-27 Thread Utkarsh Dave
Please ignore my previous mail. I got the correct one https://tomcat.apache.org/security-7.html On Sun, Nov 27, 2016 at 6:41 PM, Utkarsh Dave wrote: > Hi All > > This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to > 9.0.0.M11" on another url

Re: [SECURITY] CVE-2016-6816 Apache Tomcat Information Disclosure

2016-11-27 Thread Utkarsh Dave
Hi All This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to 9.0.0.M11" on another url https://tomcat.apache.org/security-9.html. But in the mail it says Tomcat 7 is also affected. Does this vulnerability affect version 7.0.72? -Regards Utkarsh On Tue, Nov 22, 2016 at 1:42 AM,

Re: Apache/Tomcat vulnerability

2016-11-27 Thread tomcat
On 27.11.2016 19:03, Jaaz Portal wrote: 2016-11-27 18:30 GMT+01:00 André Warnier (tomcat) : On 27.11.2016 14:26, Jaaz Portal wrote: hi, everything i know so far is just this single log line that appeared in apache error.log [Fri Nov 25 13:08:00.647835 2016]

Re: Apache/Tomcat vulnerability

2016-11-27 Thread Jaaz Portal
2016-11-27 18:30 GMT+01:00 André Warnier (tomcat) : > On 27.11.2016 14:26, Jaaz Portal wrote: > >> hi, >> everything i know so far is just this single log line that appeared in >> apache error.log >> >> [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid >>

Re: Apache/Tomcat vulnerability

2016-11-27 Thread tomcat
On 27.11.2016 14:26, Jaaz Portal wrote: hi, everything i know so far is just this single log line that appeared in apache error.log [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid 1397934896385 92] AH00484: server reached MaxRequestWorkers setting, consider raising the MaxR

Re: Apache/Tomcat vulnerability

2016-11-27 Thread Jaaz Portal
hi, everything i know so far is just this single log line that appeared in apache error.log [Fri Nov 25 13:08:00.647835 2016] [mpm_event:error] [pid 13385:tid 1397934896385 92] AH00484: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting there was nothing

Re: Apache/Tomcat vulnerability

2016-11-27 Thread tomcat
On 27.11.2016 13:23, Jaaz Portal wrote: hi Andre, thank you very much this was very educative but in my case it is a little bit different. The server is not flooded, there are maybe a dozen very sophisticated connections that somehow hang apache worker threads Can you be a bit more specific?

Re: Apache/Tomcat vulnerability

2016-11-27 Thread Jaaz Portal
hi Andre, thank you very much this was very educative but in my case it is a little bit different. The server is not flooded, there are maybe a dozen very sophisticated connections that somehow hang apache worker threads and the effect is permanent. Quickly the pool is exhausted and the only

Re: Apache/Tomcat vulnerability

2016-11-27 Thread tomcat
Hi. Have a look at the indicated parameters in the two pages below. You may be the target of such a variant of DDoS attack: many clients open a TCP connection to your server (front-end), but then never send an HTTP request on that connection. In the meantime, the server accepts the TCP