On Aug 8, 2013, at 7:05 AM, "Edao, Aliye" <[email protected]> wrote:
> Dear all,
>
> Altering ${catalina_home}/lib/org/apache/catalina/util/ServerInfo.properties
> because of information disclosure concerns (TC version number)
> in apache-tomcat-6.0.37, apache-tomcat-7.0.40, apache-tomcat-7.0.42 and
> Apache Tomcat/8.0.0-RC1 as mentioned in the documentation
> (http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html,
> http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html)
> leads to ClassNotFoundException and Tomcat cannot be started.
>
> The older versions of Tomcat 6 and Tomcat 7 are not affected. Is this now
> intended or did I miss something?
>
> Error message (Tomcat 8):

I'm not seeing this issue in my environment. I've pulled and built Tomcat 8
from SVN though. Perhaps you could try that and see if the issue has already
been resolved?

Here are the steps I followed:

1.) Check out Tomcat 8 from SVN (svn co https://svn.apache.org/repos/asf/tomcat/trunk/ tomcat-trunk)
2.) Build (instructions can be found here -> https://svn.apache.org/repos/asf/tomcat/trunk/BUILDING.txt)
3.) cd to output/build/
4.) cd to lib
5.) mkdir -p org/apache/catalina/util
6.) unzip catalina.jar org/apache/catalina/util/ServerInfo.properties
7.) Edit org/apache/catalina/util/ServerInfo.properties, replace info with "N/A".
8.) ./bin/startup.sh
9.) Check the logs, which were clean for me.
10.) curl http://localhost:8080/does-not-exist and verify output has version listed as "N/A".

Dan

>
> java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina
> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:271)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:461)
>
> Tomcat:
>
> apache-tomcat-6.0.37
> apache-tomcat-7.0.40
> apache-tomcat-7.0.42
> Tomcat/8.0.0-RC1
>
> JDK:
> Oracle jdk1.7.0_25
>
> OS:
> SUSE Linux Enterprise Server 11 (x86_64)
> VERSION = 11
> PATCHLEVEL = 1
>
> Thank you very much!
>
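
Steps 3 through 7 of the reply above, scripted so that catalina.jar is only read and the edit can be repeated safely. This is an added example, not part of the original thread; the function names and the script name are hypothetical, and it assumes `unzip` is installed and `CATALINA_HOME` points at the Tomcat directory.

```shell
#!/bin/sh
# Added example, not from the thread. Overrides ServerInfo.properties from
# lib/ and never rewrites catalina.jar. Function names are hypothetical.

REL=org/apache/catalina/util/ServerInfo.properties

# Steps 3-6: copy the stock file out of catalina.jar into lib/ (needs unzip).
extract_server_info() {
    lib_dir=$1
    [ -f "$lib_dir/catalina.jar" ] || { echo "no catalina.jar in $lib_dir" >&2; return 1; }
    (cd "$lib_dir" && unzip -o -q catalina.jar "$REL")
}

# Step 7: set server.info to the given value; every other line is kept.
# The key is appended if the file does not define it.
mask_server_info() {
    props=$1
    value=$2
    [ -f "$props" ] || { echo "missing $props" >&2; return 1; }
    tmp=$props.tmp.$$
    awk -v v="$value" '
        /^server\.info *=/ { print "server.info=" v; seen = 1; next }
        { print }
        END { if (!seen) print "server.info=" v }
    ' "$props" > "$tmp" && mv "$tmp" "$props"
}

# Print the server.info value that the override file will supply.
server_info_value() {
    sed -n 's/^server\.info *=//p' "$1" | tail -n 1
}

# Run as: CATALINA_HOME=/path/to/tomcat sh mask-server-info.sh apply
if [ "${1:-}" = apply ]; then
    lib=${CATALINA_HOME:?set CATALINA_HOME}/lib
    extract_server_info "$lib" || exit 1
    mask_server_info "$lib/$REL" "N/A" || exit 1
    echo "server.info is now: $(server_info_value "$lib/$REL")"
fi
```

After a restart, the `curl http://localhost:8080/does-not-exist` check from step 10 confirms what the error page reports.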