----- On Jun 22, 2016, at 1:52 PM, Bernd Lentes bernd.len...@helmholtz-muenchen.de wrote:
> Hi, > > i changed maxHttpHeaderSize in server.xml following the recommendation in > CVE-2016-3092. > I changed it to 2048 bytes. > > <Connector port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" maxHttpHeaderSize="2048" /> > <!-- A "Connector" using the shared thread pool--> > <!-- > <Connector executor="tomcatThreadPool" > port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" maxHttpHeaderSize="2048" /> > > > After restart of the server i got several errors in catalina.log: > > Jun 22, 2016 1:38:01 PM org.apache.catalina.loader.WebappClassLoader > clearReferencesJdbc > SEVERE: The web application [/MouseIDGenes] registered the JDBC driver > [org.postgresql.Driver] but failed to unregister it when the web application > was stopped. To prevent a memory leak, the JDBC Driver has been forcibly > unregistered. > Jun 22, 2016 1:38:01 PM org.apache.coyote.http11.Http11Protocol destroy > > ... > > Jun 22, 2016 1:38:07 PM org.apache.catalina.loader.WebappLoader start > SEVERE: LifecycleException > java.io.IOException: Failed to access resource /WEB-INF/lib/[taglibs-core].jar > at > > org.apache.catalina.loader.WebappLoader.setRepositories(WebappLoader.java:1052) > at org.apache.catalina.loader.WebappLoader.start(WebappLoader.java:683) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:4609) > at > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:803) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:780) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:583) > at > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1080) > at > > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1003) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:507) > at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:325) > at > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1069) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:822) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463) > at > org.apache.catalina.core.StandardService.start(StandardService.java:525) > at > org.apache.catalina.core.StandardServer.start(StandardServer.java:759) > at org.apache.catalina.startup.Catalina.start(Catalina.java:595) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56) > at java.lang.reflect.Method.invoke(Method.java:620) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > Caused by: javax.naming.NamingException: Resource [taglibs-core].jar not found > at > org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:209) > at > > org.apache.catalina.loader.WebappLoader.setRepositories(WebappLoader.java:1050) > ... 24 more > > ... > > Jun 22, 2016 1:38:07 PM org.apache.catalina.core.ContainerBase > addChildInternal > SEVERE: ContainerBase.addChild: start: > LifecycleException: start: : java.io.IOException: Failed to access resource > /WEB-INF/lib/[taglibs-core].jar > at org.apache.catalina.loader.WebappLoader.start(WebappLoader.java:709) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:4609) > at > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:803) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:780) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:583) > at > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1080) > at > > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1003) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:507) > at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:325) > at > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1069) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:822) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463) > at > org.apache.catalina.core.StandardService.start(StandardService.java:525) > at > org.apache.catalina.core.StandardServer.start(StandardServer.java:759) > at org.apache.catalina.startup.Catalina.start(Catalina.java:595) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56) > at java.lang.reflect.Method.invoke(Method.java:620) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > > ... > > Jun 22, 2016 1:38:07 PM org.apache.catalina.startup.HostConfig deployDirectory > SEVERE: Error deploying web application directory examples > java.lang.IllegalStateException: ContainerBase.addChild: start: > LifecycleException: start: : java.io.IOException: Failed to access resource > /WEB-INF/lib/[taglibs-core].jar > at > > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:807) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:780) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:583) > at > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1080) > at > > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1003) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:507) > at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:325) > at > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1069) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:822) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463) > at > org.apache.catalina.core.StandardService.start(StandardService.java:525) > at > org.apache.catalina.core.StandardServer.start(StandardServer.java:759) > at org.apache.catalina.startup.Catalina.start(Catalina.java:595) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56) > at java.lang.reflect.Method.invoke(Method.java:620) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > > I'm pretty new to tomcat. Does anybody have an idea ? > It's tomcat6-6.0.45-0.50.1 on a SLES 11 SP4 64bit. > > Thanks. > > > Bernd Hi, i read "[SECURITY][CORRECTION] CVE-2016-3092 Apache Tomcat Denial of Service" and recognized that Tomcat 6.x is not affected. I undid the changes, restarted the server but got the same errors. Bernd Helmholtz Zentrum Muenchen Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH) Ingolstaedter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Dr. Alfons Enhsen, Renate Schlusen (komm.) Registergericht: Amtsgericht Muenchen HRB 6466 USt-IdNr: DE 129521671 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
