RE: OpenSSL config for Tomcat 7

2020-03-02 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
Below are the two connector configs I have tested with. -John -Original Message- From: Mark Thomas Sent: Saturday, February 29, 2020 2:12 AM To: users@tomcat.apache.org Subject: Re: OpenSSL config for Tomcat 7 On 29/02/2020 00:22, John Beaulaurier -X (jbeaulau - ADVANCED

Re: OpenSSL config for Tomcat 7

2020-03-02 Thread Christopher Schultz
John, On 3/2/20 12:26, John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote: > Yes, that is what I have done. Can you please post your actual configuration? Also, please list the order of certificates in your

Re: Proposal: Note on web site that Tomcat 10 is a milestone-release

2020-03-02 Thread Johan Compagner
And when you are at it, also mention there in big letters that they really should read the release notes... This Tomcat will not work with all the major frameworks people use for quite some time... On Mon, 2 Mar 2020 at 18:23, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN

RE: OpenSSL config for Tomcat 7

2020-03-02 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
Yes, that is what I have done. -Original Message- From: Jason Wee Sent: Friday, February 28, 2020 11:29 PM To: Tomcat Users List Subject: Re: OpenSSL config for Tomcat 7 when you stack them, do you mean you cat those certificates into one pem file? On Sat, Feb 29, 2020 at 8:22 AM

Proposal: Note on web site that Tomcat 10 is a milestone-release

2020-03-02 Thread Christopher Schultz
All, If you go to tomcat.apache.org right now, you'll see documentation and downloads for Tomcat 10. In the news section, it's shown as 10.0.0-M1 so that might be an indication that it's not a "normal" release. Anyone going to the site and not

RE: Tomcat 10.0.0-M1 can't get JSP taglib to work

2020-03-02 Thread ed
Thanks Mark -Original Message- From: Mark Thomas Sent: Monday, March 2, 2020 12:11 PM To: users@tomcat.apache.org Subject: Re: Tomcat 10.0.0-M1 can't get JSP taglib to work On 02/03/2020 14:49, e...@wolfecomputerservices.com wrote: > Thanks for the reply Mark! > > Well, that stinks!

Re: Tomcat 10.0.0-M1 can't get JSP taglib to work

2020-03-02 Thread Mark Thomas
On 02/03/2020 14:49, e...@wolfecomputerservices.com wrote: > Thanks for the reply Mark! > > Well, that stinks! It is new development and so it would only make sense to > use the latest server; however, if it is a step backward in functionality > (because supporting libraries are not available)

RE: Tomcat 10.0.0-M1 can't get JSP taglib to work

2020-03-02 Thread ed
Thanks for the reply Mark! Well, that stinks! It is new development and so it would only make sense to use the latest server; however, if it is a step backward in functionality (because supporting libraries are not available) then I guess I'll have to use the previous version. -Original

Re: Tomcat 10.0.0-M1 can't get JSP taglib to work

2020-03-02 Thread Mark Thomas
On 02/03/2020 14:16, e...@wolfecomputerservices.com wrote: > I have tried everything in the multiple threads on this site (none of them > were for Tomcat 10 and none of them solved the problem). I am using Apache > NetBeans 11.1 with Apache Tomcat 10.0.0-M1. Below is my configuration -- if > I remove the

Tomcat 10.0.0-M1 can't get JSP taglib to work

2020-03-02 Thread ed
I have tried everything in the multiple threads on this site (none of them were for Tomcat 10 and none of them solved the problem). I am using Apache NetBeans 11.1 with Apache Tomcat 10.0.0-M1. Below is my configuration -- if I remove the taglib line from my jsp file, the error goes away. web.xml:

Re: Client cert auth on demand

2020-03-02 Thread Martynas Jusevičius
My bad - I was looking in the catalina log, not the localhost log... Now I see the config being parsed: 01-Mar-2020 21:12:49.147 FINE [localhost-startStop-1] org.apache.catalina.valves.rewrite.RewriteValve.startInternal Read configuration from: /WEB-INF/rewrite.config 01-Mar-2020 21:12:49.155

Re: Client cert auth on demand

2020-03-02 Thread Martynas Jusevičius
No matter where I place the rewrite.config, cannot get the RewriteValve to find it. I tried: * /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml and /usr/local/tomcat/webapps/ROOT/WEB-INF/rewrite.config * /usr/local/tomcat/conf/context.xml and /usr/local/tomcat/conf/localhost/rewrite.config The

[ANN] End of life for Apache Tomcat 7.0.x

2020-03-02 Thread Mark Thomas
The Apache Tomcat team announces that support for Apache Tomcat 7.0.x will end on 31 March 2021. This means that after 31 March 2021: - releases from the 7.0.x branch are highly unlikely - bugs affecting only the 7.0.x branch will not be addressed - security vulnerability reports will not be

Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-03-02 Thread Mark Thomas
On 02/03/2020 10:12, js84 wrote: > Hello! > > Proposed work-arounds don’t cover possible vulnerability over a reverse proxy: Correct. > Can an attacker abuse AJP vulnerability when access is mapped by mod_jk or > mod_proxy_ajp? No. Mark > > Kind regards, > Johann > > From: Mark Thomas >

AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-03-02 Thread js84
Hello! Proposed work-arounds don’t cover possible vulnerability over a reverse proxy: Can an attacker abuse AJP vulnerability when access is mapped by mod_jk or mod_proxy_ajp? Kind regards, Johann From: Mark Thomas Sent: Monday, 2 March 2020 10:11 To: users@tomcat.apache.org Subject: Re:

Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-03-02 Thread Mark Thomas
On 01/03/2020 23:34, Stefan Mayr wrote: > On 24.02.2020 at 13:47, Mark Thomas wrote: >> CVE-2020-1938 AJP Request Injection and potential Remote Code Execution >> >> Severity: High >> >> ... >> - returning arbitrary files from anywhere in the web application >> including under the WEB-INF and

Re: issue faced in tomcat 8.5.51

2020-03-02 Thread tomcat/perl
On 02.03.2020 07:38, Rathore, Rajendra wrote: Hi Calder/Team, I set the below flag as false but it is still giving the same error. If you really changed that attribute in the right place, and you restarted tomcat, it is quite unlikely that you would have the same error in the log. But if