-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter,
Peter Crowther wrote:
| That's a nice little JSP - once it's on the system, the attacker can
| do anything they like that's allowed by the outbound firewall, with
| the privilege of the user running Tomcat.
Yeah, pretty much.
This is one of
Peter Crowther wrote:
From: Warren Bell [mailto:[EMAIL PROTECTED]
[details of attack elided]
The network that the server is on has a Lynksys RV082 small business
router with the firewall completely locked down except for port 8080
available only to the networks with the kiosks. The kios
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Julio,
Julio César Chaves Fernández wrote:
| The curious thing is that when the password is
| wrong the redirection is to the form-error page defined in the
| web.xml file. So, I was hoping you could give me some sort of advice
| or where could I sta
The solution to my configuration problems was to backtrack a bit.
I once again loaded my server cert into the default ${user.home}/.keystore.
I then modified my connector to point to the default keystore, provided the
connector factory with the alias for the key that was first created to generate
> From: Warren Bell [mailto:[EMAIL PROTECTED]
[details of attack elided]
> The network that the server is on has a Lynksys RV082 small business
> router with the firewall completely locked down except for port 8080
> available only to the networks with the kiosks. The kiosks are on a
> basic Linksy
Mark Thomas wrote:
Warren Bell wrote:
Mark Thomas wrote:
Warren Bell wrote:
Mark Thomas wrote:
- What other webapps are installed on the Tomcat instance?
Several, they are all intranet apps that do not have any
download/upload capabilities and there is no possible sql injection
vulnerabil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| After making that filter, I thought that it would have been more
| elegant to check if the header requested by getHeader() was one I
| added, return it in that case, and otherwise just call the
| getHeader() method of th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard,
Richard S. Huntrods wrote:
|public static Vector listLookup(String table) {
| //Connection connection = null; // connection is managed by a
| connection pool
So, is 'connection' a local or not?
|Statement statement = nu
well that solves the noClassDef problem. Now the page just loads
infinitely with a blank screen. But maybe this isn't a tomcat problem,
but rather a code problem.
Thanks
On Fri, Aug 8, 2008 at 6:04 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Tom Cat wrote:
>>
>> No, I didn't have Tidy.jar in the
Tom Cat wrote:
No, I didn't have Tidy.jar in the webapp's classpath. I moved it into
the WEB-INF/lib folder and am still getting a NoClassDefFound error.
Any help?
Did you reload your webapp?
Mark
-
To start a new topic, e
No, I didn't have Tidy.jar in the webapp's classpath. I moved it into
the WEB-INF/lib folder and am still getting a NoClassDefFound error.
Any help?
On Fri, Aug 8, 2008 at 4:30 PM, Hassan Schroeder
<[EMAIL PROTECTED]> wrote:
> On Fri, Aug 8, 2008 at 1:27 PM, Tom Cat <[EMAIL PROTECTED]> wrote:
>
>
Michele Fuortes wrote:
Hi,
I have a problem with POSTing an XML file to a servlet which writes the
XML to disk. If the XML file is less than 16384 bytes all goes well. If
it's bigger the first 16384 bytes are written correctly, the rest all
all 00s. The lenght of the file is the correct one a
Johnny Kewl wrote:
- Original Message - From: "Michele Fuortes"
<[EMAIL PROTECTED]>
Hi.
Johnny is sometimes a bit hard to read, but he may have a point there.
If you are POSTing data with an HTML form, how exactly does the
tag look like ? (of if it is with some client program, what d
- Original Message -
From: "Michele Fuortes" <[EMAIL PROTECTED]>
To:
Sent: Friday, August 08, 2008 4:08 PM
Subject: Re: Problem with POST to servlet: 16384 bytes maximum?
Hi, thanks for the suggestions;
[EMAIL PROTECTED] schrieb:
I've had similar problems in various versions of t
My server is organize as follows
c:\webserver
\isapi
\Website1
\Website2
Now the server.xml are configured differently in both website1 and website2.
Website1 AJP13 = 8009
Website2 AJP13 = 8109
worker.list=ajp13w
worker.ajp13w.type=ajp13
worker.ajp13w.host=localhost
worker.ajp13w.port=8009
If
OK, since I am trying to have java-based applications end-to-end and
since I own this network, I think I will use TC and Java Web Start
instead of applets
~
>> This would be beneficial if you want to use an internal, local
>> network cache for a number of users you know in a network you own
>> ~
- Original Message -
From: "Michele Fuortes" <[EMAIL PROTECTED]>
To:
Sent: Friday, August 08, 2008 4:08 PM
Subject: Re: Problem with POST to servlet: 16384 bytes maximum?
Hi, thanks for the suggestions;
[EMAIL PROTECTED] schrieb:
I've had similar problems in various versions of t
[EMAIL PROTECTED] schrieb:
We're running a web environment using RHEL 4, Apache 2.0.52 with Worker
MPM, mod_jk 1.2.20 and jboss/tomcat application servers (Jboss 4 / tomcat55).
There's a firewall between our web and application servers, and I have
read about mod_jk and firewalls (i.e. socket_keep
André Warnier wrote:
> Markus Schönhaber wrote:
>> (provided, the
>> browser doesn't do some guessing of the charset based on the content).
>>
> Not in any way to distract from your main question, which is very
> interesting, but that is a very big "provided", because IE does a lot of
> second-g
Warren Bell wrote:
Mark Thomas wrote:
Warren Bell wrote:
Mark Thomas wrote:
- What other webapps are installed on the Tomcat instance?
Several, they are all intranet apps that do not have any
download/upload capabilities and there is no possible sql injection
vulnerabilities either. And no
On Fri, Aug 8, 2008 at 1:27 PM, Tom Cat <[EMAIL PROTECTED]> wrote:
> When I try to run it in tomcat though, i get this error:
>
> java.lang.NoClassDefFoundError: org/w3c/tidy/Tidy
>
> I don't understand why it throws this error. Tidy is in my classpath
> and the code compiles fine.
That's nice, b
Tom Cat wrote:
Hello,
I am trying to run my webapp in tomcat 6 but am having a problem. A
servlet I use imports org.w3c.tidy.Tidy and the code compiles fine.
When I try to run it in tomcat though, i get this error:
java.lang.NoClassDefFoundError: org/w3c/tidy/Tidy
I don't understand why it th
Mark Thomas wrote:
Warren Bell wrote:
Mark Thomas wrote:
- What other webapps are installed on the Tomcat instance?
Several, they are all intranet apps that do not have any
download/upload capabilities and there is no possible sql injection
vulnerabilities either. And none of the apps execu
Hello,
I am trying to run my webapp in tomcat 6 but am having a problem. A
servlet I use imports org.w3c.tidy.Tidy and the code compiles fine.
When I try to run it in tomcat though, i get this error:
java.lang.NoClassDefFoundError: org/w3c/tidy/Tidy
I don't understand why it throws this error.
And a follow up question - are you using the invoker servlet at all?
Mark
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Warren Bell wrote:
Mark Thomas wrote:
- What other webapps are installed on the Tomcat instance?
Several, they are all intranet apps that do not have any download/upload
capabilities and there is no possible sql injection vulnerabilities
either. And none of the apps execute any programs loca
Mark Thomas wrote:
Warren Bell wrote:
I have found a war file on my server that appeared around July 14. I
am the only one that has access to this machine and I did not put it
there. It consists of a jsp that downloads a program named init.exe
and then executes it. This server is on a private
Markus Schönhaber wrote:
Hi,
(provided, the
browser doesn't do some guessing of the charset based on the content).
Not in any way to distract from your main question, which is very
interesting, but that is a very big "provided", because IE does a lot of
second-guessing the server, infamously
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| I am a real beginner at Java and Tomcat, and not so good at it.
| But maybe that causes my explanation below to be useful.
Don't forget to override getDateHeader and getIntHeader in your wrap
Warren Bell wrote:
I have found a war file on my server that appeared around July 14. I am
the only one that has access to this machine and I did not put it there.
It consists of a jsp that downloads a program named init.exe and then
executes it. This server is on a private network. Though ther
How about where can I setup a unique CATALINA_BASE?
On Fri, Aug 8, 2008 at 2:41 PM, dOE <[EMAIL PROTECTED]> wrote:
> Hello, I am running Tomcat 5.0.16 w.\ JS-Wrapper and I have 2 tomcat
> instances installed with unique ports, and the tomcat.exe are renamed to be
> unique as well.
>
> (Win32, IIS
Hello:
Very shortly, my company will start writing portlet applications which
will be hosted in Tomcat 6 and OAS. We will be using Oracle Portal as
our portal. We plan to use WSRP for communication between the portal
and portlet containers. We use JDeveloper as our IDE. JDeveloper will
a
Hello, I am running Tomcat 5.0.16 w.\ JS-Wrapper and I have 2 tomcat
instances installed with unique ports, and the tomcat.exe are renamed to be
unique as well.
(Win32, IIS6.isapi_redir 1.2.8)
The 2ndry Tomcat starts, but it is not created the "work" folder, or
generate any logs.
I have even se
I have found a war file on my server that appeared around July 14. I am
the only one that has access to this machine and I did not put it there.
It consists of a jsp that downloads a program named init.exe and then
executes it. This server is on a private network. Though there are three
pc kios
Mark Thomas wrote:
>> As I understand it, this is a violation of the HTTP 1.1 spec, since RFC
>> 2616 says in section 3.7.1:
>> | The "charset" parameter is used with some media types to define the
>> | character set (section 3.4) of the data. When no explicit charset
>> | parameter is provided
Hi, I have an issue with both https and j_secutiry_check... i've an application
that works fine with only authentication (j_security_check) but when I try to
access with https the application redirects the browser to the form-login page
that is set in the web.xml file. The curious thing is th
Hi,
[EMAIL PROTECTED] wrote:
I am trying to configure SSL on a tomcat 6.0.13. I began by creating a default
keystore (using keytool) in the user's directory where the apache tomcat server
is installed. From this keystore I generated a server cert request. Once I
received the server cert, I
Chris,
Richard,
Richard S. Huntrods wrote:
| In my code I was calling resultSet.close(), but not statement.close().
That'll do it.
Actually, fixing it did NOT help. See more below...
| The problem is, even though I verified (debug statements) that the call
| is being made, the memory is ST
I haven't stepped up to attempting Comet/NIO yet, but I have had
some small-scale success with a custom pseudo-push implementation
using the RPC in GWT (Google Web Toolkit); obviously we're using GWT
for the pages.
When the browser starts, it uses rpc to ask for any available data:
If data i
Hi there sorry for the lack of information.
I'm running tomcat 5.5.26.
logging.properties are in the tomcat/conf folder.
My log4j file is inside tomcat/bin/resources
This is the location where all our resources files are located, to
make transparent the migration from resin to tomcat. I can be su
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michele,
Michele Fuortes wrote:
| I tried 5.5.26 and 5.5.17 and it changed (for the worse-;).
| The file now gets messed up at 7620 bytes
At least the application runs faster, now ;)
Seriously, though, we use TC 5.5.23 in our demo environment and w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Albretch,
Albretch Mueller wrote:
| 1) Can you achieve such a thing as a registered, dedicated, always
| open connection to each client in a network from login to logout using
| tomcat?
Not really. HTTP is designed as a connectionless protocol. You
Markus Schönhaber wrote:
Hi,
AFAICT Tomcat's DefaultServlet doesn't add "; charset=..." to the
Content-Type header when serving static resources of content type text/*
and the corresponding resource isn't encoded in ISO-8859-1.
Correct.
As I understand it, this is a violation of the HTTP 1.1
Check out SCP task for Ant (link below). Incorporate it into your project
build script and you can call it in or out of Eclipse to update your Linux
deployment. Once perfected, you can have Eclipse deploy updates automatically
to the Linux box as a supplemental builder.
http://ant.apache.org/
Hi,
AFAICT Tomcat's DefaultServlet doesn't add "; charset=..." to the
Content-Type header when serving static resources of content type text/*
and the corresponding resource isn't encoded in ISO-8859-1.
As I understand it, this is a violation of the HTTP 1.1 spec, since RFC
2616 says in section 3.
~
1) Can you achieve such a thing as a registered, dedicated, always
open connection to each client in a network from login to logout using
tomcat?, and
~
1.1) How can browsers be configured to take advantage of them?
1.2) What would you suggest if I would like this configuration to be
availab
That's not what I'm seeing in the command run you posted. You might
also want to move this very off-topic discussion to a maven user list.
--David
Sam Wun wrote:
Actually I tried that with what you said, this is the error message
getting from that ONE command line. There is no \ at the end.
Hi, thanks for the suggestions;
[EMAIL PROTECTED] schrieb:
I've had similar problems in various versions of tomcat. Currently
the
problem seems to exist in 6.0.16 but not in 6.0.14 nor 5.5.17. There
was a bug filed, but I don't have the reference handy.
I tried 5.5.26 and 5.5.17 and it ch
Actually I tried that with what you said, this is the error message
getting from that ONE command line. There is no \ at the end.
Thanks
On Sat, Aug 9, 2008 at 12:04 AM, David Smith <[EMAIL PROTECTED]> wrote:
> Might also want to try putting the whole command on the same line instead of
> trying
Might also want to try putting the whole command on the same line
instead of trying to do the continuation '\' operator which may not work
on Windows. That last '\' character is being interpreted by mvn as a
parameter.
--David
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Ha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Emerson,
emerson cargnin wrote:
| In tomcat, though, even if my log file has only ERROR statements,
| catalina.out seems to be getting all INFO, DEBUG from my application.
| I couldnt' find anything in loggin properties that would set at ROOT
| level
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sam,
Please do not post the same question multiple times. Someone will
eventually get back to you. This list is not your on-demand technical
support team.
- -chris
Sam Wun wrote:
| Hi,
|
| I am wondering how to fix the following attached error (mv
Sam Wun wrote:
Hi,
I am wondering how to fix the following attached error (mvn command run)?
I tried to follow the instruction shown in the following website, but got error.
http://struts.apache.org/2.x/docs/developing-a-portlet-using-eclipse.html
1. Don't hijack threads.
2. Read the FAQ, part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sam,
This is probably a question best asked on the Maven mailing list.
- -chris
Sam Wun wrote:
| Hi,
|
| I am wondering how to fix the following attached error (mvn command run)?
| I tried to follow the instruction shown in the following website, b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James,
[EMAIL PROTECTED] wrote:
| attempting to run application on Tomcat 5.5 server (Fails to load at
| context path) I see this in the catalina.log
|
| Google search suggests a zip file error with the .war - but I have
| only used an exploded tree
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| I am a real beginner at Java and Tomcat, and not so good at it.
| But maybe that causes my explanation below to be useful.
Don't forget to override getDateHeader and getIntHeader in your wrapper
class. Also, don't forge
Hi,
I am wondering how to fix the following attached error (mvn command run)?
I tried to follow the instruction shown in the following website, but got error.
http://struts.apache.org/2.x/docs/developing-a-portlet-using-eclipse.html
=== attached mvn command run ===
Maven version:
Hi,
If you can't get past this limitation, you might look into the Apache
Commons "file upload" utility. It is an API specifically for allowing
(large) file uploads to a server. It works great, has a simple API and some
decent documentation as well. Hope this helps.
On Thu, Aug 7, 2008 at 2:18
Finally the issue was solved. It was due to the Norman
Anti-virus+Firwall. Although I have disable the firewall, stopped all
Norman services that can be stopped, i still get the Permission Denied
error. Only after I have uninstalled Norman can Tomcat start.
After which I
1) installed AVG free anti
[EMAIL PROTECTED] wrote:
I am trying to configure SSL on a tomcat 6.0.13. I began by creating a default
keystore (using keytool) in the user's directory where the apache tomcat server
is installed. From this keystore I generated a server cert request. Once I
received the server cert, I loade
Hi Guys
My Log4j configuration has all turned to ERROR in my log4j.lcf. In
resin this works right, so no INFO or DEBUG in the resin main log
file.
In tomcat, though, even if my log file has only ERROR statements,
catalina.out seems to be getting all INFO, DEBUG from my application.
I couldnt' fin
I am trying to configure SSL on a tomcat 6.0.13. I began by creating a default
keystore (using keytool) in the user's directory where the apache tomcat server
is installed. From this keystore I generated a server cert request. Once I
received the server cert, I loaded the trusted certs and th
Hello,
to whom it may concern, I solved this problem in another way. In the
ContextFactory I only return an
InitialDirContext. The class which wants to connect to the LDAP uses
this InitialDirContext, looks up the environment and connects to the
LDAP.
You can find the source code at:
http://sourc
[EMAIL PROTECTED] wrote:
A weird thing I see is that sometimes, the apache server status page
displays requests/threads in the "W" (sending reply) state up to Apache
timeout, while the Jboss Jk status shows no threads for that client in the
"Service" state.
Fix your firewall. It silently clos
Ok I will search and try reordering filters.
Thanks for your time !
--
Olivier
2008/8/8 Johnny Kewl <[EMAIL PROTECTED]>:
>
> - Original Message - From: "Olivier Lamy" <[EMAIL PROTECTED]>
> To: "Tomcat Users List"
> Sent: Thursday, August 07, 2008 11:21 PM
> Subject: Re: Weird stack trac
Hi,
I am wondering how to fix the following attached error (mvn command run)?
I tried to follow the instruction shown in the following website, but got error.
http://struts.apache.org/2.x/docs/developing-a-portlet-using-eclipse.html
=== attached mvn command run ===
Maven version:
Hello everyone,
I previously asked this on the Apache users mailing list - but it occurred
to me that this list may be more appropriate)
I'm trying to figure out some weirdness in a fairly large web environment.
We're running a web environment using RHEL 4, Apache 2.0.52 with Worker
MPM, mod_jk
Hi,
I am wondering how to fix the following attached error (mvn command run)?
I tried to follow the instruction shown in the following website, but got error.
http://struts.apache.org/2.x/docs/developing-a-portlet-using-eclipse.html
=== attached mvn command run ===
Maven version:
attempting to run application on Tomcat 5.5 server (Fails to load at context
path) I see this in the catalina.log
Google search suggests a zip file error with the .war - but I have only used an
exploded tree and removed previous .war file.
Any suggestions?
--
James Stanbridge
Kellstan
IM: (
69 matches
Mail list logo
