Dealing with an insecure Struts application on Tomcat

I am looking at security steps to mitigate issues with a 1.x Struts based app. I have recommended the following until an upgrade resource is available Remove application from current shared datasource Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating) Reduce exposure to int

Where do find debug logging

We have some applications which are pushing out to their own applogs clearly showing 'Debug' on most lines with a large amount of data and CI. I would like to find out where the app team are setting this level, I have check in the obvious in the war files as it's a Spring Boot app in applicatio

RE: Tomcat Deployment scripts

Users List Subject: AW: Tomcat Deployment scripts Hello Alan, > Von: Alan F > Gesendet: Mittwoch, 28. Juni 2023 18:24 > An: users@tomcat.apache.org > Betreff: Tomcat Deployment scripts > > Anyone have an example deployment script or method used to deploy a simple > war and c

Tomcat Deployment scripts

Anyone have an example deployment script or method used to deploy a simple war and context root, also with rollback preferably. Thanks

tomcat logging

Tomcat logging I would like to add a delimiter or characters " " around {user-agent} for logging, I wanted it in double quotes for example "Mozilla 5.0.." but can't seem to make it work. Or even adding a # symbol before would help any ideas? Thanks ---

Constant errors in Tomcat logs

HI I have a Tomcat clustered pair running, I see this 3 times a minute in the logs. I don't see this IP in server.xml I do have a DEV Tomcat pair is this somehow interfering? 06-Jun-2022 11:15:18.836 WARNING [Catalina-utility-2] org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.

403 whilst reading from ROOT

Im trying to read robots.txt from '/' on a few tomcat servers to block web search engines. Obviously placed the txt file in ./webapps/ROOT/ Works fine on a few tomcat hosts that have identical server.xml / web.xml so im puzzled as to why these two Tomcat servers are blocking requests, obviously

RE: help with high cpu usage

This works good for long lasting threads. If the CPU eating thread changes quickly, it's harder to figure out. Greetings, Thomas ____ Von: Alan F Gesendet: Freitag, 4. Februar 2022 00:02:49 An: Tomcat Users List Betreff: Re: help with high cpu usage John thanks

Re: help with high cpu usage

John thanks so much !! Will pass this on tomorrow. Cheers. From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 22:45 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message- > From: Alan F

RE: help with high cpu usage

sp?p=c2hhcmVkLzIwMjIvMDIvMy8tLWFwaS00NTE3MWUxNy1jYWRiLTRkY2UtODBlNS1lMDk0YTJjNTg1OGEudHh0&; -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: 03 February 2022 19:33 To: users@tomcat.apache.org Subject: RE: help with high cpu usage Alan, > -Original Message----- > From: Alan F > Sent: Thursday, February 03, 2022 12:1

RE: help with high cpu usage

pu usage Alan, > -Original Message----- > From: Alan F > Sent: Thursday, February 03, 2022 12:19 PM > To: Tomcat Users List > Subject: help with high cpu usage > > Had some issues today with one prod host. One is fine the other has > stuck around 80%Cpu. > Ive take

help with high cpu usage

Had some issues today with one prod host. One is fine the other has stuck around 80%Cpu. Ive taken a thread dump from both hosts and would appreciate someone give a once over what it may be before I kill and restart. They are clustered nodes so running identical apps and loadbalanced by a hardw

RE: Tomcat 9 Session replication

Many thanks Mark! -Original Message- From: Mark Thomas Sent: 01 February 2022 09:25 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 31/01/2022 14:54, Alan F wrote: > Many thanks Chris, > > Don't laugh I was looking at those values after

RE: Tomcat 9 Session replication

to be that the membership should remain static and therefore no membership comms shuould be required. Are those important to ensure that the cluster members (through static) are actually present during operation? -chris > 2022年1月31日(月) 16:47 Alan F : > >> OK with your advice I tri

RE: Tomcat 9 Session replication

users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 28/01/2022 17:05, Alan F wrote: > We are currently getting traffic from all cluster members in other > environments using .staticmember opposed to multicast can I confirm why this > is see below. > > What do we need to set

Tomcat 9 Session replication

We are currently getting traffic from all cluster members in other environments using .staticmember opposed to multicast can I confirm why this is see below. What do we need to set here for a clustered pair to make them unique and talk to eachother only without seeing traffic from other members

RE: Tomcat jdbc connections

s due to connections being used! -Original Message- From: Christopher Schultz Sent: 24 January 2022 22:42 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections Alan, On 1/23/22 09:17, Alan F wrote: > Can I just follow up here what would be the next steps how would I go

RE: Tomcat jdbc connections

ogging via Catalina.out? Or can it be. -Original Message- From: Phil Steitz Sent: 21 January 2022 17:50 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 9:28 AM, Alan F wrote: > Ok thanks Phil ok I checked other connections in the same host and see

RE: Tomcat jdbc connections

Thanks for your input Phil! Arghh will keep looking. -Original Message- From: Phil Steitz Sent: 21 January 2022 17:50 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 9:28 AM, Alan F wrote: > Ok thanks Phil ok I checked other connections in the same h

RE: Tomcat jdbc connections

inutes! And diff is identical apart from Cluster ips. -Original Message- From: Phil Steitz Sent: 21 January 2022 16:10 To: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections On 1/21/22 8:19 AM, Alan F wrote: > Thanks John, > > Here is an exampl

RE: Tomcat jdbc connections

? -Original Message- From: john.e.gr...@wellsfargo.com.INVALID Sent: 21 January 2022 14:50 To: users@tomcat.apache.org Subject: RE: Tomcat jdbc connections Alan, > -Original Message- > From: Alan F > Sent: Friday, January 21, 2022 6:53 AM > To: Tomcat Users List &

RE: Tomcat jdbc connections

: users@tomcat.apache.org Subject: Re: Tomcat jdbc connections Alan, On 1/20/22 09:33, Alan F wrote: > I have an issue with connections on Tomcat9 Oracle showing connections > made for about 2seconds then dropped again. Is this normal when the > server is not being used? You mean like

Tomcat jdbc connections

I have an issue with connections on Tomcat9 Oracle showing connections made for about 2seconds then dropped again. Is this normal when the server is not being used? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org F

RE: Tomcat 9 Encrpytion of JDBC

OK thanks Bill! -Original Message- From: Bill Stewart Sent: 14 January 2022 19:02 To: Tomcat Users List Subject: Re: Tomcat 9 Encrpytion of JDBC On Fri, Jan 14, 2022 at 10:25 AM Alan F wrote: > Interested to know your best practices on securing jdbc plain text > passwords,

Tomcat 9 Encrpytion of JDBC

All, Interested to know your best practices on securing jdbc plain text passwords, in my last place they used a mechanism to encrypt all passwords. Is this the best method as I read some people don't recommend this. Any details or procs on best practice appreciated. Thanks Ken --