Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Terence M. Bandoian
On 8/26/2020 11:27 PM, Pratik Shrestha wrote: Dear all, Thanks for so many replies and your discussions. For me, there are two options for the fix which I am not able to make work. 1. Either show 'ERR_EMPTY_RESP' like old Tomcat version 7 used to show. As far as I know, with Tomcat 7 giv

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Pratik Shrestha
Dear all, Thanks for so many replies and your discussions. For me, there are two options for the fix which I am not able to make work. 1. Either show 'ERR_EMPTY_RESP' like old Tomcat version 7 used to show. As far as I know, with Tomcat 7 giving that error, Qualys did not use to show this

RE: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread jonmcalexander
What is the URL they are testing? Is there a reason there is a 9443 port open? How about adding a blank page with a redirect, or use the rewrite valve to rewrite to https? Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Plat

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark, On 8/26/20 13:59, Mark Thomas wrote: > On 26/08/2020 17:50, Christopher Schultz wrote: >> On 8/26/20 05:27, Mark Thomas wrote: >>> On 26/08/2020 08:14, Martin Grigorov wrote: Hi, On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha >

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jon, On 8/26/20 14:01, jonmcalexan...@wellsfargo.com.INVALID wrote: > Did Qualys include a QID with their report? No, but the OP did include this: " Insecure transport Group: Information Disclosure CWE CWE-319 OWASP A3 Sensitive Data Exposure WAS

RE: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread jonmcalexander
Did Qualys include a QID with their report? Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Mark Thomas
On 26/08/2020 17:50, Christopher Schultz wrote: > On 8/26/20 05:27, Mark Thomas wrote: >> On 26/08/2020 08:14, Martin Grigorov wrote: >>> Hi, >>> >>> On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha >>> wrote: >>> Thanks for reply, Hi Peter - it complains on port 8443 which belongs t

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Christopher Schultz
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark, On 8/26/20 05:27, Mark Thomas wrote: > On 26/08/2020 08:14, Martin Grigorov wrote: >> Hi, >> >> On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha >> wrote: >> >>> Thanks for reply, >>> >>> Hi Peter - it complains on port 8443 which belongs to T

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Mark Thomas
On 26/08/2020 08:14, Martin Grigorov wrote: > Hi, > > On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha wrote: > >> Thanks for reply, >> >> Hi Peter - it complains on port 8443 which belongs to Tomcat. >> >> Hi Mark - Yes. making HTTP request on HTTPS is wrong. But this security >> vulnerability i

Re: Tomcat 9 : Unable to specify wildcard care name in Host

2020-08-26 Thread Martin Grigorov
On Tue, Aug 25, 2020 at 3:01 PM Tom Chiverton wrote: > I'd like to propose some changes to the docs, but can not locate their > source to submit a request. > https://github.com/apache/tomcat/blob/master/webapps/docs/config/host.xml This is for Tomcat 10.x (master branch). > > For instance, in

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Martin Grigorov
Hi, On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha wrote: > Thanks for reply, > > Hi Peter - it complains on port 8443 which belongs to Tomcat. > > Hi Mark - Yes. making HTTP request on HTTPS is wrong. But this security > vulnerability is given to us by Qualys scan. It tries to post plain HTTP