Re: [SECURITY] CVE-2017-12617 Apache Tomcat Possible additional RCE via JSP upload

2017-09-25 Thread Harish Krishnan
Thank you for the response and confirmation, Mark. Sent from my iPhone > On Sep 25, 2017, at 12:36 PM, Mark Thomas wrote: > >> On 25/09/17 18:12, Harish Krishnan wrote: >> Hi Mark, >> >> Thanks for the timely updates. >> My understanding is, there will be a new 7.x update

Re: Help needed - JPA probem - No connection specified with project

2017-09-25 Thread Konstantin Kolinko
2017-09-25 18:02 GMT+03:00 Karen Goh : > Hi Kolinko, > > I have now removed the ResourceLink and left with Resource in my context.xml > which is resided at WebContent/META-INF. > > And this is C:\Program Files\Apache Software Foundation\Tomcat > 8.0\conf\context.xml > > >

Re: unable to configure logging

2017-09-25 Thread Kevin Weslowski
2017-09-25 8:04 GMT+03:00 Kevin Weslowski : I've reviewed the documentation for Tomcat 8.5 logging https://tomcat.apache.org/tomcat-8.5-doc/logging.html as well as the generic java.util.logging documentation. However, I'm still having problems understanding and

Re: Trouble using SSL with Tomcat 9

2017-09-25 Thread tomcat
On 25.09.2017 15:57, Don Flinn wrote: Andre, I've attached the output from netstat -a. I see 8080 listening, but not 8443. I've also attached the screen shot of the result of running my "protected" application in Tomcat. This list removes most attachments, so we did not get the

Re: 8.5.20 - java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded

2017-09-25 Thread Lulseged Zerfu
http://apache.mirrors.spacedump.net/tomcat/tomcat-8/v8.5.21/ From: Pesonen, Harri Sent: Monday, September 25, 2017 10:52 AM To: Tomcat Users List Subject: 8.5.20 - java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded

Re: Trouble using SSL with Tomcat 9

2017-09-25 Thread Don Flinn
Andre, I've attached the output from netstat -a. I see 8080 listening, but not 8443. I've also attached the screen shot of the result of running my "protected" application in Tomcat. As I mentioned, when I have Norton Security and it shuts down Windows firewall and runs its own firewall. Don

Re: tomcat7 eol date?

2017-09-25 Thread Coty Sutherland
On Sat, Sep 23, 2017 at 12:47 PM, Mark Thomas wrote: > On 23/09/17 13:15, Alex O'Ree wrote: >> Is there an approximate or estimated date in which ASF will stop >> supporting patches for Tomcat7? > > Best guess that is at least two to three years away. > >> I'm assuming that the

RE: tomcat ssl setup

2017-09-25 Thread John Ellis
Mark although I am not finding it now I'm pretty sure that I sent out a reply to this last week saying I am getting the same exact result with ver. M27 as I was with M26; can't get a webpage login when I try the secure port of 8443. It just churns on the screen but never connects. However if I

Re: Help needed - JPA probem - No connection specified with project

2017-09-25 Thread Karen Goh
Hi Kolinko, I have now removed the ResourceLink and left with Resource in my context.xml which is resided at WebContent/META-INF. And this is C:\Program Files\Apache Software Foundation\Tomcat 8.0\conf\context.xml WEB-INF/web.xml ${catalina.base}/conf/web.xml

8.5.20 - java.security.KeyStoreException: Cannot get key bytes, not PKCS#8 encoded

2017-09-25 Thread Pesonen, Harri
Hello, there is this problem in 8.5.20, that is already fixed for the coming 8.5.21: https://bz.apache.org/bugzilla/show_bug.cgi?id=61451 What is the latest version that does not have this problem? Is it 8.5.16? If I understand correctly, this problem was introduced in 8.5.18 (not released):

RE: tomcat ssl setup

2017-09-25 Thread John Ellis
Ok please disregard my last question re using keytool. I DID use it on the server we are trying to get the ssl certificate to work on. It's just that it was awhile back and I wasn't seeing the commands when I went by through the command history. My Bad John Ellis 405.285.2500 office

RE: tomcat ssl setup

2017-09-25 Thread John Ellis
I have another question. In visiting with my boss just now he brought up this question. Do we have to run something like the keytool command and go through all of those steps to get a certificate just in order to try to connect to Tomcat on a secure port, like 8443? I thought we could connect

Re: [SECURITY] CVE-2017-12617 Apache Tomcat Possible additional RCE via JSP upload

2017-09-25 Thread Harish Krishnan
Hi Mark, Thanks for the timely updates. My understanding is, there will be a new 7.x update available for addressing CVE-2017-12617. Is that correct? The current latest (7.0_81) resolves the initial 2 CVEs (CVE*12615 and CVE*12616). When can we expect the new update for 7.x? Sent from my

Re: Trouble using SSL with Tomcat 9

2017-09-25 Thread Don Flinn
I've put the log files, the jpg of the chrome page and the netstat -a -b in Google Drive and sent you a link. My application is somewhat complex and hopefully not the cause of the problem. It is composed of a large number of php and javascript files in the Financials application, which includes

debian 9 and tomcat 8 error at startup

2017-09-25 Thread r . bottoni
Hi, i have installed tomcat 8 on a Debian server using aptitude command. but when tomcat starts, I get this strange error : 26-Sep-2017 07:47:14.613 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.14 (Debian) 26-Sep-2017 07:47:14.614

Re: tomcat7 eol date?

2017-09-25 Thread Mark Thomas
On 25/09/17 15:06, Coty Sutherland wrote: > On Sat, Sep 23, 2017 at 12:47 PM, Mark Thomas wrote: >> On 23/09/17 13:15, Alex O'Ree wrote: >>> Is there an approximate or estimated date in which ASF will stop >>> supporting patches for Tomcat7? >> >> Best guess that is at least two

Re: [SECURITY] CVE-2017-12617 Apache Tomcat Possible additional RCE via JSP upload

2017-09-25 Thread Mark Thomas
On 25/09/17 18:12, Harish Krishnan wrote: > Hi Mark, > > Thanks for the timely updates. > My understanding is, there will be a new 7.x update available for addressing > CVE-2017-12617. Is that correct? > The current latest (7.0_81) resolves the initial 2 CVEs (CVE*12615 and > CVE*12616). >

Re: unable to configure logging

2017-09-25 Thread Konstantin Kolinko
2017-09-25 8:04 GMT+03:00 Kevin Weslowski : > I've reviewed the documentation for Tomcat 8.5 logging > > https://tomcat.apache.org/tomcat-8.5-doc/logging.html > > as well as the generic java.util.logging documentation. However, I'm still > having problems understanding