RE: Warning "AJP13 protocol: Reuse is set to false" written logs every second of every day. Please help.

2020-06-18 Thread Alfred Bakia
Hi Chris, A follow-up. I found the following discussion, which goes back to October 19, 2011: http://tomcat.10.x6.nabble.com/Reuse-mod-ajp-proxy-connections-td2096715.html I think it is relevant to this issue. Back then, one Dimitar said: >> "My understanding of the *reuse* flag in

Version migration problems

2020-06-18 Thread Niranjan Rao
Greetings, I am trying to migrate from 7.0.73 to 9.0.36 and facing challenges. Java version and operating system version remains same in both cases. I have carefully reviewed the configurations and everything looks ok. Version 9 does not report any problems when starting the application

Re: Cryptominer malware and Tomcat

2020-06-18 Thread Olaf Kock
Hi Pete, On 17.06.20 23:44, Pete Helgren wrote: > I am going to guess that it is one of these two known vulnerabilities: > > CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981) > The JSONDeserializer of Flexjson allows the instantiation of arbitrary > classes and the invocation of