Re: Filter behaviour

2015-06-25 Thread André Warnier
Leo Donahue wrote: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException Assuming you have only a single Filter configured in web.xml Assuming you have logic in a doFilter that checks the value of a boolean. If the boolean

Tomcat - OOM Perm gen

2015-06-25 Thread Kiran Badi
Hi All, I have 2 web apps sitting on single tomcat instance, App A (Classic JSP/Servlet/jstl/velocity App) and App B (Struts2 based app). Now I have added S2 to App A and trying to fix some bad code in it with it. But after making this change I keep getting out of OOM issues once user count reach

Filter behaviour

2015-06-25 Thread Leo Donahue
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException Assuming you have only a single Filter configured in web.xml Assuming you have logic in a doFilter that checks the value of a boolean. If the boolean is true, then assume

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
> On 25 June 2015 at 16:16, Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Pascal, > > On 6/25/15 10:01 AM, Christopher Schultz wrote: >> Pascal, >> >> On 6/24/15 4:23 PM, Pascal Abaziou wrote: >>> Hello, >> >>> I’m searching for the version that fi

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
> On 25 June 2015 at 21:45, Pascal Abaziou wrote: > > >> On 25 June 2015 at 10:40, André Warnier > > wrote: >> >> Pascal Abaziou wrote: >> On 25 June 2015 at 00:23, Mark Eggers >>> > wrote: -BEGIN PGP SIGN

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Pascal Abaziou
> On 25 June 2015 at 10:40, André Warnier wrote: > > Pascal Abaziou wrote: > >>> On 25 June 2015 at 00:23, Mark Eggers >>> wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA1 >>> >>> On 6/24/2015 2:40 PM, André Warnier wrote: Pascal Abaziou wrote: > Hello, > >

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread agharta
On 06/25/2015 04:45 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Agharta, On 6/25/15 10:30 AM, agharta wrote: On 06/25/2015 03:51 PM, Christopher Schultz wrote: Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Ag

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Agharta, On 6/25/15 10:30 AM, agharta wrote: > On 06/25/2015 03:51 PM, Christopher Schultz wrote: Agharta, > > On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, aghar

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread agharta
On 06/25/2015 03:51 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Agharta, On 6/25/15 2:39 AM, agharta wrote: On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, On 6/24/15 11:17 AM, agharta wrote: Hi all, A rapid question: could I place the tomcat 7

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 6/25/15 8:32 AM, André Warnier wrote: > Lynch, Charles [USA] wrote: >> You are saying a malicious actor would need to be on the server >> itself to load an application? >> > > Basically yes, or be allowed to load and deploy applications

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pascal, On 6/25/15 10:01 AM, Christopher Schultz wrote: > Pascal, > > On 6/24/15 4:23 PM, Pascal Abaziou wrote: >> Hello, > >> I’m searching for the version that fixes a bug I’ve on a tomcat >> 6.0.24 (on redhat). As I do not reproduce it on my w

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pascal, On 6/24/15 4:23 PM, Pascal Abaziou wrote: > Hello, > > I’m searching for the version that fixes a bug I’ve on a tomcat > 6.0.24 (on redhat). As I do not reproduce it on my windows > workstation with tomcat 6.0.44, I need elements to argue t

Re: Is Tomcat 7.0.62 vulnerable to these issues: CVE-2007-6750/CVE-2009-5111

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 6/25/15 3:49 AM, Mark Thomas wrote: > On 25/06/2015 07:07, Nikitha Benny wrote: >> Hi, >> >> I am confused regarding the 2 security issues CVE-2007-6750 and >> CVE-2009-5111. >> >> Can they be tracked to CVE-2012-5568? > > All of those C

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: Thank you. I am fairly unfamiliar with Apache as a whole. Simply trying to address our possible attack surfaces. I appreciate your assistance. Welcome. By the way, I found the reference to the article below by entering this on Google : CVE-2014-7810 and Tomcat S

Re: Can I use Tomcat 7 catalina-ws.jar in Tomcat 8???

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Agharta, On 6/25/15 2:39 AM, agharta wrote: > On 06/24/2015 06:04 PM, Christopher Schultz wrote: Agharta, > > On 6/24/15 11:17 AM, agharta wrote: Hi all, A rapid question: could I place the tomcat 7 catalina-ws.jar inside a new

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
Thank you. I am fairly unfamiliar with Apache as a whole. Simply trying to address our possible attack surfaces. I appreciate your assistance. From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 8:32 AM To: Tomcat Users List Subject: Re: [External]

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: You are saying a malicious actor would need to be on the server itself to load an application? Basically yes, or be allowed to load and deploy applications via the Manager application (which is either not installed, or anyway secured by default) It is fairly cle

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
You are saying a malicious actor would need to be on the server itself to load an application? From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 7:55 AM To: Tomcat Users List Subject: [External] Re: CVE-2014-7810 Mitigation Lynch, Charles [USA]

Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: Seeking guidance on mitigation of CVE-2014-7810 on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch ca

CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
Seeking guidance on mitigation of CVE-2014-7810 on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch can be applied. If there are an

Re: Tomcat 6 : searching for a bug fix between 6.0.24 and 6.0.44

2015-06-25 Thread André Warnier
Pascal Abaziou wrote: On 25 June 2015 at 00:23, Mark Eggers wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/24/2015 2:40 PM, André Warnier wrote: Pascal Abaziou wrote: Hello, I’m searching for the version that fixes a bug I’ve on a tomcat 6.0.24 (on redhat). As I do not reprod

Re: Is Tomcat 7.0.62 vulnerable to these issues: CVE-2007-6750/CVE-2009-5111

2015-06-25 Thread Mark Thomas
On 25/06/2015 07:07, Nikitha Benny wrote: > Hi, > > I am confused regarding the 2 security issues CVE-2007-6750 > and CVE-2009-5111. > > Can they be tracked to CVE-2012-5568? All of those CVEs are essentially the same issue (slowloris) in different products. > According to CVE-2012-5568, I und

Re: Disabling Nagle's algorithm / Setting tcpNoDelay programmatically for web sockets

2015-06-25 Thread Mark Thomas
On 25/06/2015 06:59, Ganesh Bms wrote: > Hi, > > As per tomcat's performance tuning doc, 'tcpNoDelay' can be > enabled/disabled at connector level. > Is there a programmatic way to set 'tcpNoDelay' to true for web socket > connections ? I am using tomcat's proprietary web socket APIs in my > appli