Re: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory issue .Please mask if

2018-05-17 Thread Kiran Badi
Thanks Jakel for the link and thanks Shawn for reply and some insights. I did scan some of my application logs and can see some kind of XSS attacks originating from China/Russia. Most of them were targeted to the database. Tried to reproduce many of them, they don't yield anything. I have not

Re: Tomcat 4.0.6 / 6.0.37 Struts 1.2.8 XSS CVE-2006-1548

2018-05-17 Thread Mark Thomas
On 17/05/18 17:43, Chris Bonk wrote: > Hey Mark, > > I really appreciate your reply. > > I can't see anything in the revision that specifically states sanitization > however my Java isn't the best nor my software development with regards to > what a "Valve" would be responsible for. I suspect

Re: Help with Tomcat Automatic Application Deployment

2018-05-17 Thread Mark Thomas
On 17/05/18 17:03, sri devops wrote: > Sure I will work in fixing the memory leak and I have another QQ. > > Now that I set autoDeploy=false in order to have more control on my tomcat. I > stopped Tomcat, deploy war file and started tomcat and tomcat is extracting > the war just fine without

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Christopher Schultz
Laurie, On 5/17/18 11:33 AM, Laurie Miller-Cook wrote: > I am very new to Tomcat so please bear with me. Welcome. > I currently have a Thawte certificate that is installed within IIS > for our domain that is all managed by Rackspace. > > I now

Re: Tomcat 4.0.6 / 6.0.37 Struts 1.2.8 XSS CVE-2006-1548

2018-05-17 Thread Chris Bonk
Hey Mark, I really appreciate your reply. I can't see anything in the revision that specifically states sanitization however my Java isn't the best nor my software development with regards to what a "Valve" would be responsible for. I suspect that worrying about XSS at that level isn't a

Re: Help with Tomcat Automatic Application Deployment

2018-05-17 Thread sri devops
Sure I will work in fixing the memory leak and I have another QQ. Now that I set autoDeploy=false in order to have more control on my tomcat. I stopped Tomcat, deploy war file and started tomcat and tomcat is extracting the war just fine without having deployOnStartup attribute stated anywhere.

Re: Help with Tomcat Automatic Application Deployment

2018-05-17 Thread Mark Thomas
On 16 May 2018 23:01:14 BST, sri devops wrote: >Thanks Mark, your answer is very helpful. I tried many scenarios using >your >inputs. > >I want Tomcat to NOT perform reload but it needs to perform a redeploy >when >context.xml is changed. So I set autoDeploy=true and

Re: Tomcat 4.0.6 / 6.0.37 Struts 1.2.8 XSS CVE-2006-1548

2018-05-17 Thread Mark Thomas
On 17 May 2018 15:46:07 BST, Chris Bonk wrote: >Hello, > >I have a strange issue, I am trying to track down the root cause for an >ancient CVE-2006-1548 > >http://struts.1045723.n5.nabble.com/DO-NOT-REPLY-Bug-38749-New-XSS-vulnerability-in-LookupDispatchAction-td3510079.html

Re: SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Pierre Chiu
Hi Laurie, This is what I do. I don't use keystore. I use this within SSLHostConfig section. > On May 17, 2018, at 11:33 AM, Laurie Miller-Cook > wrote: > > Hi there, > > I am very new to Tomcat so please bear with me. > > I currently have a Thawte

SSL Certificates and Tomcat 8.5.11

2018-05-17 Thread Laurie Miller-Cook
Hi there, I am very new to Tomcat so please bear with me. I currently have a Thawte certificate that is installed within IIS for our domain that is all managed by Rackspace. I now have a new server set-up with Tomcat 8.5.11 installed and have created a keystore. I have been supplied by

Tomcat 4.0.6 / 6.0.37 Struts 1.2.8 XSS CVE-2006-1548

2018-05-17 Thread Chris Bonk
Hello, I have a strange issue, I am trying to track down the root cause for an ancient CVE-2006-1548 http://struts.1045723.n5.nabble.com/DO-NOT-REPLY-Bug-38749-New-XSS-vulnerability-in-LookupDispatchAction-td3510079.html I can replicate the XSS in Tomcat 4.0.6, however in Tomcat 6.0.37 the html

Issue with WebResource Caching

2018-05-17 Thread Jeremy Collins
Hi, We're seeing an issue with how WebResources are cached that started occurring in Tomcat 8.0.39 (we're using Ubuntu Xenial but I don't believe it's related to anything in the OS). Some of the CSS/JS files that we serve are packed inside JAR files. These files are served by a filter that

RE: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory issue .Please mask if

2018-05-17 Thread Jäkel, Guido
Dear Kiran, there might be many other ways to compromise your server. But I wonder about the application you run on your Tomcat and if you know about the widely used exploit in the Java JSF library "Primefaces" (see https://www.exploit-db.com/exploits/43733/). With greetings Guido