Re: Virtual event focussed on Tomcat Security

2020-09-30 Thread Maarten van Hulsentop
? For the educational/hardening aspect, it could be nice to team up with/involve OWASP? I am surely interested to pitch in on this topic! Kind regards, Maarten van Hulsentop On Tue, 29 Sep 2020 at 13:26, Mark Thomas wrote: > Hi all, > > We (the Tomcat community) have some funding fr

Re: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload

2017-09-22 Thread Maarten van Hulsentop
lt - Modify [tomcat]/conf/web.xml, change url pattern / to /* (for default) - PUT possible - GET retrieves the content for the JSP -> not vulnerable right now? Thank you for your feedback, Regards, Maarten van Hulsentop

Tomcat 7.0.63 release date known?

2015-06-10 Thread Maarten van Hulsentop
Dear Tomcat users, We are using Apache Tomcat 7 to run our product on, using a number of features of the Tomcat product, such as the SPNego mechanism. For security reasons we keep up with the latest supported versions of both Tomcat and the Oracle JRE. Lately, we have found out that the

SAML 2.0 with container managed authentication in Tomcat

2014-09-11 Thread Maarten van Hulsentop
practices? Thank you! Regards, Maarten van Hulsentop

SingleSignOn valve in combination with SPNego

2014-06-04 Thread Maarten van Hulsentop
Hello all, We are encountering an issue with the use of the SingleSignOn valve and SPNego and are looking for a best practice on this. Let me describe our situation; Our suite consists of multiple end-user web applications but also a few web applications that accept interaction from other systems.

Re: [ANN] Apache Tomcat 7.0.52 released

2014-02-20 Thread Maarten van Hulsentop
Hello Violeta, On the security vulnerability site https://tomcat.apache.org/security-7.html, issue CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 is still reported to be fixed in 7.0.51, which is stated as not yet released. I assume the fix is delivered in 7.0.52 as

Re: Single error page for multiple web applications

2014-01-02 Thread Maarten van Hulsentop
to me, once we have migrated to Tomcat 8. Regards, Maarten 2014/1/1 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Leo, On 12/31/13, 3:58 PM, Leo Donahue wrote: On Dec 31, 2013 3:15 AM, Maarten van Hulsentop maar...@vanhulsentop.nl wrote

Single error page for multiple web applications

2013-12-31 Thread Maarten van Hulsentop
opinions about this, things I missed, or (even better!) your solution :) Thank you in advance! Regards, Maarten van Hulsentop

Re: Single error page for multiple web applications

2013-12-31 Thread Maarten van Hulsentop
://www.sergefonville.nl 2013/12/31 Maarten van Hulsentop maar...@vanhulsentop.nl Hello, We are using Tomcat to host a number of web applications as a uniform solution. We are trying to implement something that seems to be an odd requirement, even though it is really a use case for us. We would like

Tomcat SPNEGO valve - role assignment in 'grant-all' realm

2012-10-10 Thread Maarten van Hulsentop
? Regards, Maarten van Hulsentop