Re: Disabling Nagle's algorithm / Setting tcpNoDelay programmatically for web sockets

2015-06-25 Thread Mark Thomas
On 25/06/2015 06:59, Ganesh Bms wrote: Hi, As per tomcat's performance tuning doc, 'tcpNoDelay' can be enabled/disabled at connector level. Is there a programmatic way to set 'tcpNoDelay' to true for web socket connections ? I am using tomcat's proprietary web socket APIs in my

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread Christopher Schultz
Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, agharta wrote: Hi all, A rapid question: could I place the tomcat 7 catalina-ws.jar inside a new tomcat 8

Re: Is Tomcat 7.0.62 vulnerable to these issues: CVE-2007-6750/CVE-2009-5111

2015-06-25 Thread Christopher Schultz
Mark, On 6/25/15 3:49 AM, Mark Thomas wrote: On 25/06/2015 07:07, Nikitha Benny wrote: Hi, I am confused regarding the 2 security issues CVE-2007-6750 and CVE-2009-5111. Can they be tracked to CVE-2012-5568? All of those CVEs are

Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: Seeking guidance on mitigation of CVE-2014-7810 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810> on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch can

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: Thank you. I am fairly unfamiliar with Apache as a whole. Simply trying to address our possible attack surfaces. I appreciate your assistance. Welcome. By the way, I found the reference to the article below by entering this on Google : CVE-2014-7810 and Tomcat

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
You are saying a malicious actor would need to be on the server itself to load an application? From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 7:55 AM To: Tomcat Users List Subject: [External] Re: CVE-2014-7810 Mitigation Lynch, Charles [USA]

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
Thank you. I am fairly unfamiliar with Apache as a whole. Simply trying to address our possible attack surfaces. I appreciate your assistance. From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 8:32 AM To: Tomcat Users List Subject: Re:

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: You are saying a malicious actor would need to be on the server itself to load an application? Basically yes, or be allowed to load and deploy applications via the Manager application (which is either not installed, or anyway secured by default) It is fairly

CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
Seeking guidance on mitigation of CVE-2014-7810 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810> on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch can be applied. If there are any

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
On 25 June 2015 at 10:40, André Warnier a...@ice-sa.com wrote: Pascal Abaziou wrote: On 25 June 2015 at 00:23, Mark Eggers its_toas...@yahoo.com.INVALID wrote: On 6/24/2015 2:40 PM, André Warnier wrote: Pascal Abaziou wrote:

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
On 25 June 2015 at 21:45, Pascal Abaziou pascal.abaz...@gmail.com wrote: On 25 June 2015 at 10:40, André Warnier a...@ice-sa.com wrote: Pascal Abaziou wrote: On 25 June 2015 at 00:23, Mark Eggers its_toas...@yahoo.com.INVALID

Filter behaviour

2015-06-25 Thread Leo Donahue
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException Assuming you have only a single Filter configured in web.xml Assuming you have logic in a doFilter that checks the value of a boolean. If the boolean is true, then

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
On 25 June 2015 at 16:16, Christopher Schultz ch...@christopherschultz.net wrote: Pascal, On 6/25/15 10:01 AM, Christopher Schultz wrote: Pascal, On 6/24/15 4:23 PM, Pascal Abaziou wrote: Hello, I’m searching for the version

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Christopher Schultz
Pascal, On 6/24/15 4:23 PM, Pascal Abaziou wrote: Hello, I’m searching for the version that fixes a bug I’ve on a tomcat 6.0.24 (on redhat). As I do not reproduce it on my windows workstation with tomcat 6.0.44, I need elements to argue to

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread agharta
On 06/25/2015 04:45 PM, Christopher Schultz wrote: Agharta, On 6/25/15 10:30 AM, agharta wrote: On 06/25/2015 03:51 PM, Christopher Schultz wrote: Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote:

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread Christopher Schultz
Agharta, On 6/25/15 10:30 AM, agharta wrote: On 06/25/2015 03:51 PM, Christopher Schultz wrote: Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, agharta wrote: Hi

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Christopher Schultz
Pascal, On 6/25/15 10:01 AM, Christopher Schultz wrote: Pascal, On 6/24/15 4:23 PM, Pascal Abaziou wrote: Hello, I’m searching for the version that fixes a bug I’ve on a tomcat 6.0.24 (on redhat). As I do not reproduce it on my windows

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Christopher Schultz
André, On 6/25/15 8:32 AM, André Warnier wrote: Lynch, Charles [USA] wrote: You are saying a malicious actor would need to be on the server itself to load an application? Basically yes, or be allowed to load and deploy applications via the

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread agharta
On 06/25/2015 03:51 PM, Christopher Schultz wrote: Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, agharta wrote: Hi all, A rapid question: could I place the tomcat

Tomcat - OOM Perm gen

2015-06-25 Thread Kiran Badi
Hi All, I have 2 web apps sitting on single tomcat instance, App A (Classic JSP/Servlet/jstl/velocity App) and App B (Struts2 based app). Now I have added S2 to App A and trying to fix some bad code in it with it. But after making this change I keep getting out of OOM issues once user count

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread agharta
On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, agharta wrote: Hi all, A rapid question: could I place the tomcat 7 catalina-ws.jar inside a new tomcat 8 installation ? Why would you want to do something like

Re: Is Tomcat 7.0.62 vulnerable to these issues: CVE-2007-6750/CVE-2009-5111

2015-06-25 Thread Mark Thomas
On 25/06/2015 07:07, Nikitha Benny wrote: Hi, I am confused regarding the 2 security issues CVE-2007-6750 and CVE-2009-5111. Can they be tracked to CVE-2012-5568? All of those CVEs are essentially the same issue (slowloris) in different products. According to CVE-2012-5568, I

Is Tomcat 7.0.62 vulnerable to these issues: CVE-2007-6750/CVE-2009-5111

2015-06-25 Thread Nikitha Benny
Hi, I am confused regarding the 2 security issues CVE-2007-6750 and CVE-2009-5111. Can they be tracked to CVE-2012-5568? According to CVE-2012-5568, I understand that this is not a vulnerability in Tomcat. Please confirm. When Tomcat 7.0.62 was scanned using McAfee Vulnerability Manager Tool,

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread André Warnier
Pascal Abaziou wrote: On 25 June 2015 at 00:23, Mark Eggers its_toas...@yahoo.com.INVALID wrote: On 6/24/2015 2:40 PM, André Warnier wrote: Pascal Abaziou wrote: Hello, I’m searching for the version that fixes a bug I’ve on a tomcat 6.0.24