CVE-2023-24998 : Apache Denial of Service

2023-03-15 Thread S Abirami
Hi All, Currently, in our product we are using version 9.0.65 of Tomcat. We are not using the FileUpload option in any of our applications or in Servlet. We also don't have any config to limit file uploads. Is an attacker still able to perform a malicious upload to our server via URL? Plea

Re: Excluded service.bat From Maven Artefact

2023-03-15 Thread LANDER Tim
> On 3/15/23 22:01, LANDER Tim wrote: > > Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: > > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftomcat%2Fblob%2F6de806a21adc68a23aa4043c67c0d80bbab1c458%2Fbuild.xml%23L2825-L2828&data=05%7C0

Re: Excluded service.bat From Maven Artefact

2023-03-15 Thread Rob Sargent
On 3/15/23 22:01, LANDER Tim wrote: Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: https://github.com/apache/tomcat/blob/6de806a21adc68a23aa4043c67c0d80bbab1c458/build.xml#L2825-L2828) are excluded from the tomcat maven artefact (org.apache.tomcat:tomcat). What's the

Excluded service.bat From Maven Artefact

2023-03-15 Thread LANDER Tim
Hi, I've noticed that service.bat and Tomcat.exe (Actually all exe's: https://github.com/apache/tomcat/blob/6de806a21adc68a23aa4043c67c0d80bbab1c458/build.xml#L2825-L2828) are excluded from the tomcat maven artefact (org.apache.tomcat:tomcat). What's the reason for this? I couldn't find it docum

Re: Tomcat 9.0.72 Firefox issue with 204 response (Empty Body)

2023-03-15 Thread Bhavesh Mistry
Hi Mark and Tomcat Team, We have been using Tomcat 9 from version 0 to 70 with no issues so far with our application and Firefox. We also tried to upgrade to 9.0.73, and it shows the same issue: As you can see from Devtools it is missing Protocol HTTP2 and is hung there. [image: image.png] [04/Mar/2

RE: HTTP2: How to check if the client aborted a request

2023-03-15 Thread EXT-Denton, Sam T
I am also interested in this. In my case, we added an "Abort Request" link to the placeholder page that is displayed while the calculation is ongoing, but naturally nobody ever clicks on it. :O I am solidly in favor of anything that fixes this. Sam Denton (he/him) Advisor, Solutions Archite

CVE-2023-24998 : Apache Denial of Service

2023-03-15 Thread S Abirami
Hi All, Currently, in our product we are using version 9.0.65 of Tomcat. We are not using the FileUpload option in any of our applications or in Servlet. We also don't have any config to limit file uploads. Is an attacker still able to perform a malicious upload to our server via URL? Plea