https://issues.apache.org/bugzilla/show_bug.cgi?id=46477
Summary: problem with tomcat5 + JRE 1.6.11
Product: Tomcat 5
Version: Unknown
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
https://issues.apache.org/bugzilla/show_bug.cgi?id=46477
--- Comment #2 from CykaDi 2009-01-05 01:36:02 PST ---
what kind of reason this error message "Error TermParser:
java.lang.StringIndexOutOfBoundsException: String index out
of range: -1" ???
--
Configure bugmail: https://issues.apac
https://issues.apache.org/bugzilla/show_bug.cgi?id=46477
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46464
--- Comment #2 from Sebb 2009-01-05 05:43:16 PST ---
I've also just discovered that Java appears not to call the private
readObject(ObjectInput) or writeObject(ObjectOutput) methods in DeltaSession.
It seems Java only looks for "priva
https://issues.apache.org/bugzilla/show_bug.cgi?id=46478
Mladen Turk changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46478
Summary: configure in mod_jk 1.2.27 don't find Apache 2.2.11's
apxs file with Sun Solaris 8
Product: Tomcat Connectors
Version: 1.2.27
Platform: Sun
OS/Version: Solaris
Author: fhanik
Date: Mon Jan 5 10:34:25 2009
New Revision: 731644
URL: http://svn.apache.org/viewvc?rev=731644&view=rev
Log:
When deployment succeeds but the context still fails to start, provide instant
feedback
Modified:
tomcat/trunk/java/org/apache/catalina/manager/LocalStrings.properti
https://issues.apache.org/bugzilla/show_bug.cgi?id=37515
--- Comment #12 from Jess Holle 2009-01-05 05:53:50 PST ---
Somehow I missed the classpath attribute. That indeed solves my problem.
I have one much smaller (nuisance) problem. I want to specify -source and
-target of 1.6 -- as I wo
Author: markt
Date: Mon Jan 5 11:20:11 2009
New Revision: 731651
URL: http://svn.apache.org/viewvc?rev=731651&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46471
Use the URL of the JAR as well as the path within the JAR to identify a tag
file to keep tag file definitions u
https://issues.apache.org/bugzilla/show_bug.cgi?id=46471
--- Comment #2 from Mark Thomas 2009-01-05 11:22:00 PST ---
I have fixed this in trunk and proposed the patch for 6.0.x. The patch is
fairly invasive so there may be some reluctance to back port this to 6.0.x
(although all the TCK test
I'd like to re-raise an issue, since I didn't get too much of a
response, originally. Who can I talk to to lobby to get the default
behavior of using MD5 session token hashes to change? If you weren't
aware of it, there has been a recent and highly-publicized breaking of
SSL, by creating a ro
Author: markt
Date: Mon Jan 5 15:50:55 2009
New Revision: 731773
URL: http://svn.apache.org/viewvc?rev=731773&view=rev
Log:
Reported as part of https://issues.apache.org/bugzilla/show_bug.cgi?id=37515
Add options for Java 1.6 and 1.7
Modified:
tomcat/trunk/java/org/apache/jasper/compiler/JDT
Author: markt
Date: Mon Jan 5 15:54:58 2009
New Revision: 731774
URL: http://svn.apache.org/viewvc?rev=731774&view=rev
Log:
Add a couple of proposals
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/S
https://issues.apache.org/bugzilla/show_bug.cgi?id=37515
--- Comment #13 from Mark Thomas 2009-01-05 15:56:06 PST ---
The JDT issue is a bug. I have committed a fix to trunk and proposed it for
6.0.x
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
---
Author: markt
Date: Mon Jan 5 15:57:27 2009
New Revision: 731776
URL: http://svn.apache.org/viewvc?rev=731776&view=rev
Log:
Add fix for 37515
Modified:
tomcat/current/tc5.5.x/STATUS.txt
Modified: tomcat/current/tc5.5.x/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STA
https://issues.apache.org/bugzilla/show_bug.cgi?id=37515
--- Comment #14 from Mark Thomas 2009-01-05 15:57:32 PST ---
And also proposed for 5.5.x
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are t
you don't need to lobby, simply create a patch in Bugzilla
Minoo Hamilton wrote:
I'd like to re-raise an issue, since I didn't get too much of a
response, originally. Who can I talk to to lobby to get the default
behavior of using MD5 session token hashes to change? If you weren't
aware of i
https://issues.apache.org/bugzilla/show_bug.cgi?id=37627
--- Comment #12 from Mark Thomas 2009-01-05 16:01:11 PST ---
Given the trouble we have had re-producing this, could you test with 5.5.27 and
tc-native 1.1.16 in case one of the many fixes since 5.5.20 and 1.1.7 has fixed
this.
--
Co
https://issues.apache.org/bugzilla/show_bug.cgi?id=37627
Mark Thomas changed:
What|Removed |Added
Status|REOPENED|NEEDINFO
--
Configure bugmail:
Filip Hanik - Dev Lists wrote:
> you don't need to lobby, simply create a patch in Bugzilla
Although it is likely to get ignored / end up as WONTFIX. I don't see
what the security issue is here. How does an MD5 collision affect the
security of the session ID?
Mark
>
> Minoo Hamilton wrote:
>>
https://issues.apache.org/bugzilla/show_bug.cgi?id=46464
Filip Hanik changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46464
Sebb changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
https://issues.apache.org/bugzilla/show_bug.cgi?id=37515
--- Comment #15 from Jess Holle 2009-01-05 16:49:10 PST ---
Thanks!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the b
How would you reverse a session-id from an MD5 hash? The exploit used to
forge an SSL certificate will not help you. The MD5 exploit is irrelevant to
this particular usage.
Lots of links and discussion:
http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html
If you are connecting to *a
Perhaps, I am making a big deal over a small theoretical issue, but I
don't think I am. In my mind, if you're ever in a situation to
guess/predict/brute force a valid and current session token, there are a
range of session hijacking possibilities that are all potentially bad.
If you'd really
Preston L. Bannister wrote:
How would you reverse a session-id from an MD5 hash? The exploit used to
forge an SSL certificate will not help you. The MD5 exploit is irrelevant to
this particular usage.
Lots of links and discussion:
http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.htm
Mark Thomas wrote:
> Filip Hanik - Dev Lists wrote:
>> you don't need to lobby, simply create a patch in Bugzilla
>
> Although it is likely to get ignored / end up as WONTFIX. I don't see
> what the security issue is here. How does an MD5 collision affect the
> security of the session ID?
The on