On Thu, November 12, 2015 10:28 am, Barrow, Jonathan wrote:
> Sorry, this is more of Shavlik lingo. They have classifications for
> patches in their database. This one is considered a Security Patch (to an
> existing install) vs a Software Distribution which is more of a new-full
> install of somet
Sorry, this is more of Shavlik lingo. They have classifications for patches in
their database. This one is considered a Security Patch (to an existing
install) vs a Software Distribution which is more of a new-full install of
something. Maybe they need to re-classify it.
-Original Message--
Why is this flagged as a Security Patch then? Sounds more like a Software
Distribution don't you think?
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 11, 2015 5:09 PM
To: Tomcat Users List
Subject: Re: Tomcat Upgrades Ignorin
Jonathan,
On 11/11/15 4:15 PM, Barrow, Jonathan wrote:
> We currently run Tomcat v7 in our environment. We use Shavlik Protect as
> our patching utility.
>
> On all of our application servers we dedicate the C: drive to the
> Windows OS then we add an E: drive for all additional program
> install
Hi there.
We currently run Tomcat v7 in our environment. We use Shavlik Protect as our
patching utility.
On all of our application servers we dedicate the C: drive to the Windows OS
then we add an E: drive for all additional program installations such as SQL,
Tomcat, etc. So, we have a decent
David,
On 11/11/15 2:13 PM, David E. Filip wrote:
> I have a question about the threads that Tomcat uses for servicing
> requests. My environment is Tomcat 7.0.55 running on Linux (CentOS
> 6.5) with Oracle JVM 1.7.0_79.
>
> My question is specifically about the threads that Tomcat uses for
> se
I have a question about the threads that Tomcat uses for servicing requests.
My environment is Tomcat 7.0.55 running on Linux (CentOS 6.5) with Oracle JVM
1.7.0_79.
My question is specifically about the threads that Tomcat uses for servicing
requests which are named ‘http-bio-{port}-exec-###’,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yuval,
On 11/11/2015 8:34 AM, Yuval Schwartz wrote:
> Hello Mark,
>
> Thanks for the reply. I am interested in finding where the
> Document Root is for my application ("applicationName"). As I
> understand, since my Catatlina_Home = "c:\tomcat" and t
Hello Mark,
Thanks for the reply.
I am interested in finding where the Document Root is for my application
("applicationName").
As I understand, since my Catatlina_Home = "c:\tomcat" and the "" tag
in the server.xml specifies "appbase='webapps'", it should be under
c:\tomcat\webapps...but it is no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yuval,
On 11/11/2015 7:06 AM, Yuval Schwartz wrote:
> Hello,
>
> I am using tomcat 8.0.22.0. My Catalina_Home is set to "C:\tomcat".
> IDE: Netbeans. Language: Java.
>
> For some reason, when I deploy a web application in Netbeans that
> has the na
Hello,
I am using tomcat 8.0.22.0.
My Catalina_Home is set to "C:\tomcat".
IDE: Netbeans.
Language: Java.
For some reason, when I deploy a web application in Netbeans that has the
name "applicationName" and context path: "/applicationName" I do not see
the application in the c:\tomcat\webapps fol
Johan,
On 11/11/15 8:53 AM, Johan Compagner wrote:
> On 11 November 2015 at 14:44, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Tomcat could potentially be
>> used as an attack vector against a system by someone with write-access
>> to the part of the filesystem where Tomcat
On 11 November 2015 at 14:44, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Tomcat could potentially be
> used as an attack vector against a system by someone with write-access
> to the part of the filesystem where Tomcat stores its serialized session
> objects during a restart
>
i
Satish,
On 11/11/15 8:10 AM, Christopher Schultz wrote:
> Satish,
>
> On 11/11/15 7:58 AM, satish jupalli wrote:
>> Would like to get your opinion on the java deserialization vulnerability
>> issue for Tomcat. As Jboss seems to have been impacted with, is there a way
>> to verify wether this vuln
Satish,
On 11/11/15 7:58 AM, satish jupalli wrote:
> Would like to get your opinion on the java deserialization vulnerability
> issue for Tomcat. As Jboss seems to have been impacted with, is there a way
> to verify wether this vulnerability affects Tomcat as well?
Are you talking about this one?
don't think tomcat by default ships with commons collections
But of course its not just commons collections its a more generic problem
that could be hit if there are more special classes that do special things
in deserialization.
i do think that tomcat by default (even the manager app or there jm
Hi,
Would like to get your opinion on the java deserialization vulnerability
issue for Tomcat. As Jboss seems to have been impacted with, is there a way
to verify wether this vulnerability affects Tomcat as well?
Regards
SJ
17 matches
Mail list logo
