-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 9/7/2009 10:18 AM, sunil chandran wrote:
> Hello all,
> As per the suggestion from tomcat forum users,I went ahead and installed
> tomcat4.1.40
> Then i copied the original webapps file from the back up tomcat (old version).
> I tried to st
sunil chandran wrote:
> Hello all,
> As per the suggestion from tomcat forum users,I went ahead and installed
> tomcat4.1.40
> Then i copied the original webapps file from the back up tomcat (old version).
> I tried to start the server. It shows this error
> Sep 7, 2009 10:13:11 PM org.apache.coyo
: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
Date: Friday, 14 August, 2009, 7:55 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
> Now installing tomcat 4.1.40 what all changes will be required in my sevice..
>
: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
Date: Friday, 14 August, 2009, 7:55 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
> Now installing tomcat 4.1.40 what all changes will be required in my sevice..
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
> Now installing tomcat 4.1.40 what all changes will be required in my sevice..
>
> no change in application?
You are very unlikely to require any webapp changes.
> maybe installation and configura
August 13, 2009 11:20 AM
> To: Tomcat Users List
> Subject: Re: avoiding ssl vulnerabilities in tomcat
>
> sunil,
>
> please read this : http://slash7.com/pages/vampires
>
> -
> To unsubscribe, e-mail: u
sunil,
please read this : http://slash7.com/pages/vampires
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
investing in some Tomcat training/books/tutorials.
p
--- On Wed, 12/8/09, Christopher Schultz wrote:
From: Christopher Schultz
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
Date: Wednesday, 12 August, 2009, 8:15 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: S
.
Can you please tell me what you mean by improving patch level.
How should i install tomcat 4.1.40 on tomcat 4.1.24? is it sperate installation
or patch? Please help me
--- On Wed, 12/8/09, Christopher Schultz wrote:
From: Christopher Schultz
Subject: Re: avoiding ssl vulnerabilities in tomcat
and configuration changes will be needed?
change needed in logging?
should i stop the tomcat 4 service running and then install this new tomcat
4.1.40?
Please help
--- On Wed, 12/8/09, Christopher Schultz wrote:
From: Christopher Schultz
Subject: Re: avoiding ssl vulnerabilities in tomcat
To
Chris -
(I just did a reply in Outlook and this is how it got packaged. Didn't look
that way to me, but got it that way on the send-back. Either Exchange or my
email filter - which adds the confidentialiy footer - did this.)
I figured it was only with the regular. Just wanted a clarification i
et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
Subject: RE: avoiding ssl vulnerabilities in tomcat
Date: Wed, 12 Aug 200
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff,
(Strange... to me, your message looked like an attachment to the
security notice that would typically be put at the end of a message.
When I tried to reply to that, all the characters got all wonky. At
least coy-paste still works :)
On 8/12/200
e APR/OpenSSL connector.
Correct?
Jeff
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, August 12, 2009 9:46 AM
To: Tomcat Users List
Subject: Re: avoiding ssl vulnerabilities in tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/12/2009 3:12 AM, sunil chandran wrote:
> The issue is SSL vulnerability. from the responses, i understood that
> i need to upgrade to tomcat latest version. As per the team, it is
> recommended to go for Tomcat 5 in our environment.
With
> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
> Subject: Re: avoiding ssl vulnerabilities in tomcat
>
> As per the team, it is recommended to go for Tomcat 5
> in our environment.
Why would you waste your time with Tomcat 5? If you're going to upgrade from
4,
ny modifications you need. Be aware that
> the config has changed in particular:
> - the element is no longer used
> - Resource configuration has changed
>
> See the docs for the details.
>
> Mark
>
>
>
>>
>>
>>
>> --- On Mon, 10/8/09, Caldar
version?Do i need to perform some
additional stuff to avoid this vulnerability?Any modification to be done in
server.xml file to avoid the SSL vulnerability
regardsSunil C
--- On Tue, 11/8/09, Mark Thomas wrote:
From: Mark Thomas
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat
;
> --- On Mon, 10/8/09, Caldarale, Charles R wrote:
>
>
> From: Caldarale, Charles R
> Subject: RE: avoiding ssl vulnerabilities in tomcat
> To: "Tomcat Users List"
> Date: Monday, 10 August, 2009, 7:10 PM
>
>
>> From: sunil chandran [mailto:sunilonw
Hello all,
OK i will upgrade.
But what all changes required to update to tomcat 5.
what all changes reuired to upgrade to tomcat 4.1.40
--- On Mon, 10/8/09, Caldarale, Charles R wrote:
From: Caldarale, Charles R
Subject: RE: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users
> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
> Subject: Re: avoiding ssl vulnerabilities in tomcat
>
> Is there any patch provided so that i can still use the same version
> 4.1.24 itself.
No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.
: Mark Thomas
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
Date: Monday, 10 August, 2009, 3:37 PM
sunil chandran wrote:
> Hello all,
> I found this issue form support team:
> THREAT:
> The Secure
> Socket Layer (SSL) protocol allows for sec
u need to upgrade to 4.1.32
or later to avoid this issue.
Given that there are other, arguably more serious vulnerabilities, still
present in 4.1.32 if you must stay on 4.1.x then you should upgrade to
4.1.40.
Mark
> regardsSunil C
>
> --- On Tue, 4/8/09, Mark Thomas wrote:
>
> Fr
le support
for anonymous authentication
Please tell me what exactly i must do in tomcat 4 to avoid this ssl
vulnerabilties.
Please help.
regardsSunil C
--- On Tue, 4/8/09, Mark Thomas wrote:
From: Mark Thomas
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
sunil chandran wrote:
> Hello sir,
>
> I am sorry. I am using tomcat 4
Tomcat 4 is no longer supported. You *really* need to upgrade.
>
> port="8443" minProcessors="5" maxProcessors="150"
>enableLookups="true"
>acceptCount="100" debug="0" sc
;
>
>
> this is the portion of server.xml. I have anabled ssl.
>
> still there is some vulnerabilities as informed by supprot team. They say
> that tomcat is configured to access without authentication.
>
> 1. is it true?
> 2. How can we confirm if the tomca
if the tomcat SSL is configure using any algorithm to
authenticate or “none”.
please help me.
regards
Sunil C
--- On Tue, 4/8/09, Mark Thomas wrote:
From: Mark Thomas
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: "Tomcat Users List"
Date: Tuesday, 4 August, 200
sunil chandran wrote:
> there are some vulnerability existing on my server:
>
> SSL Server Allows Cleartext Communication Vulnerability
> Can someone help me identify the place in server.xml file to avoid these
> vulnerabilties.
You didn't say which Tomcat version so I am going to assume 6.
28 matches
Mail list logo