Tomcat8.0.53 & Java related issues

2021-09-13 Thread zhuyix...@orientalmind.com
Dear Sir or Madam: Howdy. I'm a Java developer. I am learning related knowledge of Tomcat. Version for 8.0.53. Windows10. JDK1.8. At present, I have some problems and I hope I can get help. Currently I'm using the org.apache.catalina.util.RequestUtil.parseParameters(). I found this meth

Tomcat8.0.53 & Java related issues

2021-09-13 Thread zhuyix...@orientalmind.com
Dear Sir or Madam: Howdy. I'm a Java developer. I am learning related knowledge of Tomcat. Version for 8.0.53. At present, I have some problems and I hope I can get help. Currently I'm using the org.apache.catalina.util.RequestUtil.parseParameters(). I found this method deprecated aft

[ANN] Apache Tomcat 9.0.53 available

2021-09-13 Thread Rémy Maucherat
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.53. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.53 is a bugfix and feat

Re: ApacheCon@Home, Tomcat-Track, request for input ...

2021-09-13 Thread Rony G. Flatscher (Apache)
In the meantime I have prepared a few nutshell examples to demonstrate how to use scripting languages with Tomcat for the talk. In case anyone is interested you can find them here (a rather old Linux machine): * Tomcat 9 (Java EE): , Java 8 LTS * To

[ANN] Apache Tomcat 10.0.11 available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.11. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $

[ANN] Apache Tomcat 10.1.0-M5 (alpha) available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M5 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations s

RE: 403 Errors for REST Web Services after upgrade from 8.5.30 to 8.5.58

2021-09-13 Thread Mike Webb
I'm sorry the bottom section of the below email should instead be The server that does work has Tomcat version: Apache Tomcat/8.5.30 JVM Version: 11.0.11+9-LTS JVM Vendor: Red Hat, Inc. OS Name: Linux OS Version: 3.10.0-1160.31.1.el7.x86_64 OS Architecture

FW: 403 Errors for REST Web Services after upgrade from 8.5.30 to 8.5.58

2021-09-13 Thread Mike Webb
I manage a web application that uses REST Web Services. After upgrading from 8.5.30 to 8.5.58, the web services return 403 messages. Commenting out the and sections below allows the web services to run again, but it does remove the security constraints. How can I get it working securely aga

Re: Tomcat Virtual Host to prevent Improper-Input-Handling attack

2021-09-13 Thread Pradeep
Hi Chris, Take any web application try below curl command, this curl command sends invalid Host Header application should validate by comparing with valid host headers and block this request by returning 404 /403. curl -isk -H "host:host.whitehatsec.com" " https://staging.avoxdata.com/portal/ti

Re: Tomcat Virtual Host to prevent Improper-Input-Handling attack

2021-09-13 Thread Christopher Schultz
Pradeep, On 9/13/21 09:35, Pradeep wrote: I am using Tomcat 7.0.57, I can't change the Tomcat version now. Running my previous "forge" file (with GET http://www.microsoft.com/, the forged Host header) against Tomcat 7.0.57: $ nc localhost 8080 < forge HTTP/1.1 200 OK Server: Apache-Coyo

Re: Tomcat Virtual Host to prevent Improper-Input-Handling attack

2021-09-13 Thread Christopher Schultz
Pradeep, On 9/13/21 09:35, Pradeep wrote: Hi Chris, I am using Tomcat 7.0.57, I can't change the Tomcat version now. I tried adding Virtual Host with RemoteHostValve to allow list of hosts but still no luck. This is because you are trying to block the client by their identity (like "local

Re: Aw: Re: tomcat hangs

2021-09-13 Thread Christopher Schultz
Peter, On 9/13/21 04:12, Peter Rader wrote: Chris, Sent: Thursday, 09 September 2021 at 22:15 From: "Christopher Schultz" To: users@tomcat.apache.org Subject: Re: Aw: tomcat hangs Peter, On 9/9/21 08:21, Peter Rader wrote: I might have noticed a similar issue: I ran the JVM in a linux

Re: Tomcat Virtual Host to prevent Improper-Input-Handling attack

2021-09-13 Thread Pradeep
Hi Chris, I am using Tomcat 7.0.57, I can't change the Tomcat version now. I tried adding Virtual Host with RemoteHostValve to allow list of hosts but still no luck. Regards, Pradeep On Mon, 13 Sep 2021, 2:28 pm Christopher Schultz, < ch...@christopherschultz.net> wrote: > Pradeep, > > On 9/

Re: Server redirected too many times (20)

2021-09-13 Thread Christopher Schultz
Barry, On 9/12/21 12:59, Barry Kimelman wrote: I just installed tomcat 9.0.52 on my linux ubuntu 20.04 LTS system. I was successfully able to run the manager app as a test. Now I am trying to build an application that I had worked on quite a while ago in an older version of tomcat. I have a s

Re: Tomcat Virtual Host to prevent Improper-Input-Handling attack

2021-09-13 Thread Christopher Schultz
Pradeep, On 9/10/21 17:38, Pradeep wrote: My application is HTTPS not HTTP and now one of the application security platforms WhitHatSec raised this vulnerability issue. I tried to reproduce your "attack" on Tomcat 8.5.59, like this: $ cat forge GET www.microsoft.com/ HTTP/1.1 Host: www.micro

Aw: Re: tomcat hangs

2021-09-13 Thread Peter Rader
Chris, > Sent: Thursday, 09 September 2021 at 22:15 > From: "Christopher Schultz" > To: users@tomcat.apache.org > Subject: Re: Aw: tomcat hangs > Peter, > > On 9/9/21 08:21, Peter Rader wrote: > > I might have noticed a similar issue: I ran the JVM in a linux OS on a VM > > (in virtualbox b