On 8/8/2013 7:14 AM, Daniel Mikusa wrote:
On Aug 8, 2013, at 7:05 AM, "Edao, Aliye" <[email protected]> wrote:Dear all, Altering ${catalina_home}/lib/org/apache/catalina/util/ServerInfo.properties because of information disclosure concerns (TC version number) in apache-tomcat-6.0.37, apache-tomcat-7.0.40, apache-tomcat-7.0.42 and Apache Tomcat/8.0.0-RC1 as mentioned in the documentation (http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html, http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html) leads to ClassNotFoundException and Tomcat cannot be started. The older versions of Tomcat 6 and Tomcat 7 are not affected. Is this now intended or did I miss something? Error message (Tomcat 8):I'm not seeing this issue in my environment. I've pulled and built Tomcat 8 from SVN though. Perhaps you could try that and see if the issue has already been resolved? Here are the steps I followed: 1.) Check out Tomcat 8 from SVN (svn co https://svn.apache.org/repos/asf/tomcat/trunk/ tomcat-trunk) 2.) Build (instructions can be found here -> https://svn.apache.org/repos/asf/tomcat/trunk/BUILDING.txt) 3.) cd to output/build/ 4.) cd to lib 5.) mkdir -p org/apache/catalina/util 6.) unzip catalina.jar org/apache/catalina/util/ServerInfo.properties 7.) Edit org/apache/catalina/util/ServerInfo.properties, replace info with "N/A". 8.) ./bin/startup.sh 9.) Check the logs, which were clean for me. 10.) curl http://localhost:8080/does-not-exist verify output has version listed as "N/A". Dan
I'm not seeing this in my environment either: 1. 64 bit Windows 7 2. JRE 1.7.0_25 3. Tomcat 7.0.42 a. create a file %CATALINA_HOME%\lib\org\apache\catalina\util\ServerInfo.properties b. server.info=unknown c. start up Tomcat from batch file d. clean logs e. Browse to http://localhost:8080/foo f. get Server unknown at the bottom of the error page g. Manager application also reports unknown for server version /mde/
java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:366) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:461) Tomcat: apache-tomcat-6.0.37 apache-tomcat-7.0.40 apache-tomcat-7.0.42 Tomcat/8.0.0-RC1 JDK: Oracle jdk1.7.0_25 OS: SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 1 Thank you very much!--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
