On 8/8/2013 7:14 AM, Daniel Mikusa wrote:
On Aug 8, 2013, at 7:05 AM, "Edao, Aliye" <aliye.e...@atos.net> wrote:

Dear all,

Altering ${catalina_home}/lib/org/apache/catalina/util/ServerInfo.properties 
because of information disclosure concerns (TC version number)
in apache-tomcat-6.0.37, apache-tomcat-7.0.40, apache-tomcat-7.0.42 and Apache 
Tomcat/8.0.0-RC1 as mentioned in the documentation
(http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html, 
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html)
leads to ClassNotFoundException and Tomcat cannot be started.

The older versions of Tomcat 6 and Tomcat 7 are not affected. Is this now 
intended or did I miss something?

Error message (Tomcat 8):

I'm not seeing this issue in my environment.  I've pulled and built Tomcat 8 
from SVN though.  Perhaps you could try that and see if the issue has already 
been resolved?

Here are the steps I followed:

1.) Check out Tomcat 8 from SVN (svn co https://svn.apache.org/repos/asf/tomcat/trunk/ tomcat-trunk)
2.) Build (instructions can be found here -> https://svn.apache.org/repos/asf/tomcat/trunk/BUILDING.txt)
3.) cd to output/build/
4.) cd to lib
5.) mkdir -p org/apache/catalina/util
6.) unzip catalina.jar org/apache/catalina/util/ServerInfo.properties
7.) Edit org/apache/catalina/util/ServerInfo.properties, replace info with "N/A".
8.) ./bin/startup.sh
9.) Check the logs, which were clean for me.
10.) curl http://localhost:8080/does-not-exist, verify output has version listed as "N/A".

Dan

I'm not seeing this in my environment either:

1. 64 bit Windows 7
2. JRE 1.7.0_25
3. Tomcat 7.0.42

a. create a file
   %CATALINA_HOME%\lib\org\apache\catalina\util\ServerInfo.properties
b. server.info=unknown
c. start up Tomcat from batch file
d. clean logs
e. Browse to http://localhost:8080/foo
f. get Server unknown at the bottom of the error page
g. Manager application also reports unknown for server version

/mde/



java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina
        at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
        at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:271)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:461)

Tomcat:

apache-tomcat-6.0.37
apache-tomcat-7.0.40
apache-tomcat-7.0.42
Tomcat/8.0.0-RC1

JDK:
Oracle jdk1.7.0_25

OS:
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1

Thank you very much!



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
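
The override procedure both replies describe, as an added example that is not part of the thread: the function names are hypothetical, the override is assumed to use plain `key=value` lines, and the check on `lib/catalina.jar` is a precaution because the class named in the reported trace is loaded from Tomcat's `lib` directory.

```shell
#!/bin/sh
# Added example (not from the thread): apply the ServerInfo.properties
# override under $CATALINA_HOME/lib and check it, leaving catalina.jar as is.

REL=lib/org/apache/catalina/util/ServerInfo.properties

# write_serverinfo_override HOME [VALUE]: create the override file.
write_serverinfo_override() {
    home=$1
    value=${2:-unknown}
    [ -d "$home/lib" ] || { echo "no lib directory under $home" >&2; return 1; }
    mkdir -p "$home/${REL%/*}" || return 1
    printf 'server.info=%s\n' "$value" > "$home/$REL"
}

# effective_server_info HOME: print the value read from the override
# (java.util.Properties keeps the last occurrence of a key).
effective_server_info() {
    sed -n 's/^server\.info=//p' "$1/$REL" | tail -n 1
}

# check_serverinfo_override HOME: 0 when the override is readable and
# lib/catalina.jar is still readable, non-zero otherwise.
check_serverinfo_override() {
    home=$1
    [ -r "$home/lib/catalina.jar" ] || { echo "lib/catalina.jar missing or unreadable" >&2; return 2; }
    [ -r "$home/$REL" ] || { echo "override file missing or unreadable" >&2; return 3; }
    grep -q '^server\.info=' "$home/$REL" || { echo "no server.info key in override" >&2; return 4; }
    return 0
}

# Run as: sh serverinfo.sh /path/to/tomcat [value]   (script name is arbitrary)
if [ "$#" -ge 1 ]; then
    write_serverinfo_override "$1" "${2:-unknown}" && check_serverinfo_override "$1" \
        && echo "server.info is now: $(effective_server_info "$1")"
fi
```

After a restart, the error page for a non-existent URL and the Manager application should show the same value the script prints.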


