TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
Hi, I'm an eng. working on a security product that also uses Tomcat for Web-server functionality. I'm concerned with the known TLS renegotiation MitM vulnerability. I would like to ask whether there's a Tomcat version that contains a fix to the issue? Say by disabling TLS renegotiation by

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
On Sun, Jan 24, 2010 at 1:36 PM, yosi izaq izaq...@gmail.com wrote: Hi, I'm an eng. working on a security product that also uses Tomcat for Web-server functionality. I'm concerned with the known TLS renegotiation MitM vulnerability. I would like to ask whether there's a Tomcat version that

Re: error-page problem - nested exceptions

2010-01-24 Thread rotis23
Thanks Len.

Re: Including a file into server.xml

2010-01-24 Thread Pid
On 23/01/2010 04:31, Aryeh M. Friedman wrote: I have a Java based XML DB that keeps track of different configurations for various sites we host and it is trivial to have it spit out a Host entry compatible with server.xml for each site... the only problem we have is how to insert the output

Re: Please Validate this Question

2010-01-24 Thread Pid
On 23/01/2010 06:40, Karthik Nanjangude wrote: Hi Please Validate this Question SPEC : JDK1.5 TOMCAT 6.0.20 O/s 1, 2 Windows 2000 Server Apache Http - 2.x 1) A Custom built web application uses Quartz process (cron job) every 20 minutes to DB (JNDI based Connection pool

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread Pid
On 24/01/2010 13:12, yosi izaq wrote: On Sun, Jan 24, 2010 at 1:36 PM, yosi izaq izaq...@gmail.com wrote: Hi, I'm an eng. working on a security product that also uses Tomcat for Web-server functionality. I'm concerned with the known TLS renegotiation MitM vulnerability. I would like to ask

Re: [OT] Basic Authentication Failed with multibyte username

2010-01-24 Thread André Warnier
Christopher Schultz wrote: André, (Marking OT because, well... just because). On 1/22/2010 2:59 PM, Warnier wrote: Christopher Schultz wrote: That authorization.getBytes() is just asking for trouble, because it uses the platform default encoding

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
Response inline. 10x 4 the prompt answer! Yosi 6.0.24 has just been released, it is the best available version. Your Connector config will determine which fix you need to employ. [Yosi] I'm new to Tomcat. Do you refer to org.apache.coyote.http11 parameter of the connector's CTOR? If you

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
The last piece of the puzzle is what connector is used by default. According to 6.0.x docs it's BIO: The default value is HTTP/1.1 and configures the org.apache.coyote.http11.Http11Protocol. This is the blocking Java connector. That, together with your helpful prompt responses allows me to

Re: Recommendations for Automating Deployments and then dev, qa, uat, prod testing

2010-01-24 Thread Fletcher Cocquyt
Fletcher Cocquyt fcocquyt at stanford.edu writes: Hi, this question is coming from the operations team perspective. Currently our (small 3 member) ops team is responsible for deploying java apps weekly from a set of dozens in a less than great 4am-6am window on Wednesdays. ..snip.. So

Tomcat heap memory behavior question

2010-01-24 Thread Ken Bowen
Hi all, I'm trying to understand Tomcat memory usage as observed with jconsole. I'm using Tomcat 6.0.18 on Mac OS X 10.5.8; Tomcat is downloaded from the Apache site. I'm starting it with /no/ web applications at all: just an empty webapps folder, and I'm not hitting it with any

RE: Tomcat heap memory behavior question

2010-01-24 Thread Caldarale, Charles R
From: Ken Bowen [mailto:kbo...@als.com] Subject: Tomcat heap memory behavior question 1) Is this normal Tomcat behavior? Yes, this is normal. 2) What Tomcat activity is consuming the heap? Depends on what connectors you have configured, your watched resources, autoDeploy settings, etc.

[SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration

2010-01-24 Thread Mark Thomas
CVE-2009-3548: Apache Tomcat unexpected file deletion and/or alteration Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be

[SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory

2010-01-24 Thread Mark Thomas
CVE-2009-2902: Apache Tomcat unexpected file deletion in work directory Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may be

[SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy

2010-01-24 Thread Mark Thomas
CVE-2009-2901: Apache Tomcat insecure partial deploy after failed undeploy Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.0 to 5.5.28 Tomcat 6.0.0 to 6.0.20 The unsupported Tomcat 3.x, 4.x and 5.0.x versions may

Re: Recommendations for Automating Deployments and then dev, qa, uat, prod testing

2010-01-24 Thread Ziggy
Continuous Integration sounds like a better solution for you. Your apps will be built and tested as soon as the developer checks in their code in SVN. Have a look at http://cruisecontrol.sourceforge.net Using CruiseControl will ensure that the developers won't check in anything with errors on it.

Data Binding in JSP

2010-01-24 Thread jithu mada
Hi, I need a suggestion on how to do data binding in JSPs. I have a requirement, which is to display the table data and the user can add, update or delete the data in it. I am using JSPs and Servlets. I was searching online to find if there are any data binding frameworks available which I

Tomcat 5.5 org.apache.naming.ResourceRef cannot be cast to javax.sql.DataSource

2010-01-24 Thread Steve Ryder
I am migrating from Tomcat 5.0 w/ MSQL 4.1 to Tomcat 5.5 w/ MySQL Server version: 5.0.51a-3ubuntu5 (Ubuntu). I have followed the Tomcat Tutorials changing from: ResourceLink in context.xml - Resource in server.xml to: just Resource in context.xml. Resource name=jdbc/MySql auth=Container

"Disabled use of AcceptEx() WinSock2 API" error on Windows 7

2010-01-24 Thread Richard Cooke
When starting Tomcat 6 on a newly installed Windows 7 Enterprise machine with JRE 6 using C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe the application does not open and my event viewer has the message: Disabled use of AcceptEx() WinSock2 API. The same installer of

Re: RMI reaper thread prevents JVM from exiting

2010-01-24 Thread Thomas Chabaud
Hi, and thanks for your answer. I've tried to call setDaemon(true), but I get the following exception: java.lang.IllegalThreadStateException at java.lang.Thread.setDaemon(Thread.java:1232) at TestServletContextListener.contextDestroyed(TestServletContextListener.java:45)

Re: RMI reaper thread prevents JVM from exiting

2010-01-24 Thread Thomas Chabaud
On 22/01/2010 18:13, Christopher Schultz wrote: This thread over on the Sun forums (http://forums.sun.com/thread.jspa?threadID=169975) says that you can either unexport all your objects or call System.exit(). :( Are there some objects that you may have forgotten to unexport? I don't think