[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 --- Comment #6 from muthukumar --- Ok, we whitelisted those paths. But we want a proper solution. Is whitelisting a proper solution? Please explain CVE-2008-5515 to me.

[Bug 59220] AsyncListener#onComplete not called after timeout if buffer is flushed

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220 --- Comment #6 from Violeta Georgieva --- (In reply to Scott Nicklous from comment #5) > I know what you mean and agree with you. > > From Tomcat's point of view, the Pluto portal is an application. However, > Pluto

[Bug 59220] AsyncListener#onComplete not called after timeout if buffer is flushed

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220 --- Comment #5 from Scott Nicklous --- I know what you mean and agree with you. From Tomcat's point of view, the Pluto portal is an application. However, Pluto itself hosts portlet applications that may come from

[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 --- Comment #5 from Christopher Schultz --- (In reply to Violeta Georgieva from comment #4) > Fix your application. Correct. The path-traversal vulnerability has been introduced by your own application, not by

[Bug 59220] AsyncListener#onComplete not called after timeout if buffer is flushed

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220 --- Comment #4 from Remy Maucherat --- The question is really about the cases where complete should be called for the application (which didn't call it although it should have).

[Bug 59220] AsyncListener#onComplete not called after timeout if buffer is flushed

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220 --- Comment #3 from Scott Nicklous --- Hi Violeta and Remy, thank you very much for having a look at this so quickly (and thank you, Remy for fixing 59213 so promptly!). The example servlets I provided were for the

[Bug 59247] Using the IBM JDK with the security manager results in java.lang.RuntimePermission warning

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247 --- Comment #2 from Coty Sutherland --- Created attachment 33709 --> https://bz.apache.org/bugzilla/attachment.cgi?id=33709=edit java.security.debug stack trace I forgot to include the stack trace in the previous

[Bug 59247] Using the IBM JDK with the security manager results in java.lang.RuntimePermission warning

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247 --- Comment #1 from Coty Sutherland --- Created attachment 33708 --> https://bz.apache.org/bugzilla/attachment.cgi?id=33708=edit More files from testing In this attachment I've included the catalina.out logs from the

[Bug 59247] New: Using the IBM JDK with the security manager results in java.lang.RuntimePermission warning

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247 Bug ID: 59247 Summary: Using the IBM JDK with the security manager results in java.lang.RuntimePermission warning Product: Tomcat 8 Version: 8.0.32 Hardware: PC

svn commit: r1737002 - in /tomcat/site/trunk: docs/lists.html xdocs/lists.xml

2016-03-29 Thread markt
Author: markt Date: Tue Mar 29 12:32:25 2016 New Revision: 1737002 URL: http://svn.apache.org/viewvc?rev=1737002=rev Log: Try and improve the wording and better differentiate between getting help how to use Tomcat and help how to use the mailing lists Modified:

[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 Violeta Georgieva changed:

What   | Removed  | Added
Status | REOPENED | RESOLVED

[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 --- Comment #3 from muthukumar --- Think about my scenario. It is possible to make a path traversal attack. It must be a security issue?

[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 muthukumar changed:

What   | Removed  | Added
Status | RESOLVED | REOPENED

[Bug 59243] Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 Violeta Georgieva changed:

What   | Removed | Added
Status | NEW     | RESOLVED

[Bug 59243] New: Path traversal Attack

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243 Bug ID: 59243 Summary: Path traversal Attack Product: Tomcat 7 Version: 7.0.67 Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: normal

[Bug 58433] RemoteIpValve not activated on redirect from mapping

2016-03-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58433 Thomas Raehalme changed: What|Removed |Added CC|

[jira] [Commented] (MTOMCAT-211) The .war file is not extracted from executable war

2016-03-29 Thread Magnus Skoglund (JIRA)
[ https://issues.apache.org/jira/browse/MTOMCAT-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15215546#comment-15215546 ] Magnus Skoglund commented on MTOMCAT-211: - What are the plans for a release 2.3 of