-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aliye,
On 8/8/13 7:05 AM, Edao, Aliye wrote:
> Dear all,
>
> Altering
> ${catalina_home}/lib/org/apache/catalina/util/ServerInfo.properties
> because of information disclosure concerns (TC version number) in
> apache-tomcat-6.0.37, apache-tomcat-7.0.40, apache-tomcat-7.0.42
> and Apache Tomcat/8.0.0-RC1 as mentioned in the documentation
> (http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html,
> http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html) leads
> to ClassNotFoundException and Tomcat cannot be started.
>
> The older versions of Tomcat 6 and Tomcat 7 are not affected. Is
> this now intended or did I miss something?
>
> Error message (Tomcat 8):
>
> java.lang.ClassNotFoundException:
> org.apache.catalina.startup.Catalina at
> java.net.URLClassLoader$1.run(URLClassLoader.java:366) at
> java.net.URLClassLoader$1.run(URLClassLoader.java:355) at
> java.security.AccessController.doPrivileged(Native Method) at
> java.net.URLClassLoader.findClass(URLClassLoader.java:354) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:424) at
> java.lang.ClassLoader.loadClass(ClassLoader.java:357) at
> org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:271) at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:461)
>
> Tomcat:
>
> apache-tomcat-6.0.37 apache-tomcat-7.0.40 apache-tomcat-7.0.42
> Tomcat/8.0.0-RC1
What is the difference between your ServerInfo.properties and the one
from catalina.jar?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSA6ZIAAoJEBzwKT+lPKRYyM0QALWYY0XspcBn8hXfeJDGnQCz
ooC6p/LCL+2FZq0gJA08nWmv7u72tgQfUUonHKExffJuK23gEGMoecQLP3r0AwKS
YD4Z7AqKHePH+rnigf/LkS+sKqB1OROuIDo7mjFY1Num8keovyTwJxpyqzUbUjUA
6SNF55ILH1X48gUqCyV2AatxQv+wz3ibFN16WWpQ1Lj9do3jlsJtsrANppAX+oxT
0wDJ7a85jeSG2DIIECOYWvWwYGv+fDx/WrXWNA5FbsVC86ov0Uc4e27BORTe7CmV
GvcJtccKlSK/X4CrGFP5U6KhcuNwHsMPtoDs5vEDgoPseHA21Ea1o6YzR+9lPwvr
CzCK9uBv1dHg4YFJvDWF204OAu+/KPHBuRQmy2czkDWhsQESZ/mOFHB8MCkRa2O6
gKRwcDeZAdSD+rYxWTYSwHa53qEv36ymEDDfsU+X3DJ20sIdLeZQjD6XUIG4an5X
jAPdHIOgJhWzvjSwq5zlCOzk5TZnmEgjv3z1iWQIA2W2DRrjUeFBmDA/8ceP13sY
LnBv7GWmPsLCPrnwEqnAsazIH5FLFlkOy3xyqYCT+R2u3su4bUSVeUhpefGdiBgS
EWU3qJSH+LOKgppbB++uggiftT/6iQKH1EJRyTvFvN9CGdGwdeuY3lbnbhh4AP8F
FGyiq6eugLJKF8943mAO
=Vs+L
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
