Re: how to enable OCSP for Tomcat w OpenSSL

2019-08-01 Thread Alex O'Ree
This thread was super useful. Thanks for sharing. On Wed, Apr 17, 2019 at 3:29 PM John Palmer wrote: > I'm still struggling with getting APR/OpenSSL to do the OCSP check. > > I'd appreciate some tips: > versions: Java 8 (1.8.0_202), 64-bit, tomcat 8.5.38, APR 1.2.21 > using APR/OpenSSL (the

Re: Invalid HTTP Header - attack?

2019-08-01 Thread Michael Osipov
On 2019-08-01 at 20:36, Mark Thomas wrote: On 01/08/2019 19:08, John Dale wrote: I'm getting this in my logs - is this an attack do you think? Unlikely to be an attack. Most likely a broken client. There is another scenario: Regular security scans on all corporate subnets from sec dept. I

Re: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Mark Thomas
On 01/08/2019 20:07, Justiniano, Tony wrote: > And that is what I was thinking, inadvertently, our scanning tool just found > the apache version during a scan and corresponded it (the apache version) > with a CVE. > > Do you concur? Sounds likely. Most low quality scanning tools only look at

FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Justiniano, Tony
Forwarding from an initial email this morning. ___ Good Morning, I have been referred to this team in an attempt to have some questions answered. Before I ask those questions let me provide a little background on how I got to this point.

RE: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Justiniano, Tony
And that is what I was thinking, inadvertently, our scanning tool just found the apache version during a scan and corresponded it (the apache version) with a CVE. Do you concur? Tony Justiniano Engineer I, EUS Engineering Wyndham Destinations 6277 Sea Harbor Drive Orlando, FL 32821 Office:

Re: Invalid HTTP Header - attack?

2019-08-01 Thread Konstantin Kolinko
Thu, 1 Aug 2019 at 22:11, John Dale : > > Great feedback. Thanks. > > I am the network department. :) > > This is a public facing service and shortly after I see this in the > log, I get an OOM exception and server shutdown. Twice now this > morning. > The exception text is a bit misleading.

TLSv1.3 in TC8.5 + Azul Java 8

2019-08-01 Thread George Stanchev
As of recently Azul has backported the JSSE from Java 11 into Java 8 [1] and it is currently offering TLSv1.3 support in its Java 8 distro [2]. Does this help TC with JSSE SSL engine to also offer TLSv1.3 on its SSL listeners? [1] https://github.com/openjsse/openjsse [2]

Re: TLSv1.3 in TC8.5 + Azul Java 8

2019-08-01 Thread Mark Thomas
On 01/08/2019 21:42, George Stanchev wrote: > As of recently Azul has backported the JSSE from Java 11 into Java 8 [1] and > it is currently offering TLSv1.3 support in its Java 8 distro [2]. Does this > help TC with JSSE SSL engine to also offer TLSv1.3 on its SSL listeners? It the JRE

Re: Invalid HTTP Header - attack?

2019-08-01 Thread Mark Thomas
On 01/08/2019 19:08, John Dale wrote: > I'm getting this in my logs - is this an attack do you think? Unlikely to be an attack. Most likely a broken client. > How > might I determine this? debug logging for org.apache.coyote.http11.Http11InputBuffer is going to log the request line and HTTP

Re: Invalid HTTP Header - attack?

2019-08-01 Thread John Dale
Great feedback. Thanks. I am the network department. :) This is a public facing service and shortly after I see this in the log, I get an OOM exception and server shutdown. Twice now this morning. Hmm .. :\ John On 8/1/19, Michael Osipov wrote: > On 2019-08-01 at 20:36, Mark

failing fast when the server is overloaded

2019-08-01 Thread John.E.Gregg
Folks, I've been using Tomcat for a long time but am new-ish to NIO (Tomcat 8.5.) It seems that one of the big benefits of NIO is decoupling the worker threads from the client connections. I can now have a large number of open connections without a corresponding large number of threads. I

Re: failing fast when the server is overloaded

2019-08-01 Thread Mark Thomas
On 01/08/2019 21:10, john.e.gr...@wellsfargo.com.INVALID wrote: > Folks, > > I've been using Tomcat for a long time but am new-ish to NIO (Tomcat 8.5.) > It seems that one of the big benefits of NIO is decoupling the worker threads > from the client connections. I can now have a large number

RE: Invalid HTTP Header - attack?

2019-08-01 Thread Justiniano, Tony
My apologies, the version of Apache that came with the application is 9.0.13. Tony Justiniano Engineer I, EUS Engineering Wyndham Destinations 6277 Sea Harbor Drive Orlando, FL 32821 Office: +1-407-626-5416 Mobile: +1-407-463-4297 tony.justini...@wyn.com -Original Message- From: John

Re: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Mark Thomas
On 01/08/2019 19:49, Justiniano, Tony wrote: > Forwarding from an initial email this morning. > > ___ > > Good Morning, > > I have been referred to this team in an attempt to have some questions > answered. Before I ask those questions let me

Re: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Michael Osipov
On 2019-08-01 at 21:19, Mark Thomas wrote: On 01/08/2019 20:07, Justiniano, Tony wrote: And that is what I was thinking, inadvertently, our scanning tool just found the apache version during a scan and corresponded it (the apache version) with a CVE. Do you concur? Sounds likely. Most low

Re: Invalid HTTP Header - attack?

2019-08-01 Thread John Dale
9.0.16.0 - this is the version installed with apt-get tomcat9 on ubuntu 18.04 Thank you for your feedback. John On 8/1/19, Konstantin Kolinko wrote: > Thu, 1 Aug 2019 at 22:11, John Dale : >> >> Great feedback. Thanks. >> >> I am the network department. :) >> >> This is a public facing

RE:Component working in Console not as Service

2019-08-01 Thread Potgieter, Carlo
On 31.07.2019 20:26, Potgieter, Carlo wrote: > On 31.07.2019 14:49, Mark Thomas wrote: >> On 31/07/2019 13:03, Potgieter, Carlo wrote: >>> >>> >>> On 31/07/2019 12:48, Potgieter, Carlo wrote: I was hoping to obtain some assistance. We have used a library to convert MS Office documents

Re: [OT] TLSv1.3 in TC8.5 + Azul Java 8

2019-08-01 Thread Christopher Schultz
George, On 8/1/19 16:42, George Stanchev wrote: > As of recently Azul has backported the JSSE from Java 11 into Java > 8 [1] and it is currently offering TLSv1.3 support in its Java 8 > distro [2]. Good for them. It's too bad Oracle is so

Re: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Christopher Schultz
Michael, On 8/1/19 15:21, Michael Osipov wrote: > On 2019-08-01 at 21:19, Mark Thomas wrote: >> On 01/08/2019 20:07, Justiniano, Tony wrote: >>> And that is what I was thinking, inadvertently, our scanning >>> tool just found the apache version

RE:Component working in Console not as Service

2019-08-01 Thread Potgieter, Carlo
On 01.08.2019 13:02, Potgieter, Carlo wrote: > On 31.07.2019 20:26, Potgieter, Carlo wrote: >> On 31.07.2019 14:49, Mark Thomas wrote: >>> On 31/07/2019 13:03, Potgieter, Carlo wrote: On 31/07/2019 12:48, Potgieter, Carlo wrote: > I was hoping to obtain some assistance. We have

[slightly OT] Re: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Peter Kreuser
Michael, Mark and Chris, > On 02.08.2019 at 01:40, Christopher Schultz > wrote: > > Michael, > On 8/1/19 15:21, Michael Osipov wrote: On 2019-08-01 at 21:19, Mark Thomas wrote: On 01/08/2019 20:07, Justiniano, Tony wrote:

[ANN] Apache Tomcat 7.0.96 released

2019-08-01 Thread Violeta Georgieva
The Apache Tomcat team announces the immediate availability of Apache Tomcat 7.0.96. Apache Tomcat is an open source software implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. This release contains a number of bug fixes and

Re: Component working in Console not as Service

2019-08-01 Thread tomcat
On 01.08.2019 13:02, Potgieter, Carlo wrote: On 31.07.2019 20:26, Potgieter, Carlo wrote: On 31.07.2019 14:49, Mark Thomas wrote: On 31/07/2019 13:03, Potgieter, Carlo wrote: On 31/07/2019 12:48, Potgieter, Carlo wrote: I was hoping to obtain some assistance. We have used a library to

Invalid HTTP Header - attack?

2019-08-01 Thread John Dale
I'm getting this in my logs - is this an attack do you think? How might I determine this? Could this be pushing bytes to the handler and causing a memory issue? Error parsing HTTP request header Aug 1 17:37:58 dom1 tomcat9[9793]: Note: further occurrences of HTTP request parsing errors will