Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-30 Thread André Warnier
Christopher Schultz wrote: André, On 9/29/2011 5:59 PM, André Warnier wrote: Addendum : And then we're gonna make sure that the configuration files of Tomcat are given appropriate permissions so that only Tomcat and authorized users can browse said

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-30 Thread Christopher Schultz
André, On 9/29/2011 5:59 PM, André Warnier wrote: > Addendum : And then we're gonna make sure that the configuration > files of Tomcat are given appropriate permissions so that only > Tomcat and authorized users can browse said secret. End of > addend

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-30 Thread Mark H. Wood
Consider something like:

  $ openssl rand -base64 32
  DJaLgg+fcT8ygQVCd1uKcpLAuxGPmEWhv7j+aorobVs=

if you want help coming up with reasonably hard-to-guess secrets.

-- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-29 Thread André Warnier
Christopher Schultz wrote: Harold, On 9/22/2011 11:51 AM, BARRON, HAROLD H CTR DISA EE wrote: Classification: UNCLASSIFIED Thank god none of this is classified. I might have to write a plan of action to temporarily mitigate this issue until th

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-29 Thread Christopher Schultz
Harold, On 9/22/2011 11:51 AM, BARRON, HAROLD H CTR DISA EE wrote: > Classification: UNCLASSIFIED Thank god none of this is classified. > I might have to write a plan of action to temporarily mitigate > this issue until the update is posted. I just

RE: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-22 Thread BARRON, HAROLD H CTR DISA EE
- From: Pid * [mailto:p...@pidster.com] Sent: Thursday, September 22, 2011 11:47 AM To: Tomcat Users List Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED) On 22 Sep 2011, at 14:21, "BARRON, HAROLD H CTR DISA EE" wrote: > Classification: UNCLASSIFIED > Caveats: NONE &g

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-22 Thread Pid *
p in front of Tomcat? What is hard to understand, maybe we can help... ? p > Appreciate the response. > > -Original Message- > From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] > Sent: Wednesday, September 21, 2011 7:02 PM > To: Tomcat Users List > Subje

RE: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-22 Thread BARRON, HAROLD H CTR DISA EE
7:02 PM To: Tomcat Users List Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED) 2011/9/21 BARRON, HAROLD H CTR DISA EE : > > Apache Tomcat AJP Protocol Security Bypass and Information Disclosure > Vulnerability - (CVE-2011-3190): > 1. Mitigation options are

Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011-09-21 Thread Konstantin Kolinko
2011/9/21 BARRON, HAROLD H CTR DISA EE : > > Apache Tomcat AJP Protocol Security Bypass and Information Disclosure > Vulnerability - (CVE-2011-3190): > 1. Mitigation options are listed here: http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html Both 5.5 and 6.0 have a