Re: Virtual event focussed on Tomcat Security

2020-09-30 Thread Maarten van Hulsentop
? For the educational/hardening aspect, it could be nice to team up with/involve OWASP? I am surely interested to pitch in on this topic! Kind regards, Maarten van Hulsentop On Tue 29 Sep 2020 at 13:26, Mark Thomas wrote: > Hi all, > > We (the Tomcat community) have some funding from

Re: Fwd: [SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload

2017-09-22 Thread Maarten van Hulsentop
dify [tomcat]/conf/web.xml, change url pattern / to /* (for default) - PUT possible - GET retrieves the content for the JSP -> not vulnerable right now? Thank you for your feedback, Regards, Maarten van Hulsentop

Tomcat 7.0.63 release date known?

2015-06-10 Thread Maarten van Hulsentop
Dear Tomcat users, We are using Apache Tomcat 7 to run our product on, using a number of features of the Tomcat product, such as the SPNego mechanism. For security reasons we keep up with the latest supported versions of both Tomcat and the Oracle JRE. Lately, we have found out that the regression

SAML 2.0 with container managed authentication in Tomcat

2014-09-11 Thread Maarten van Hulsentop
? Any best practices? Thank you! Regards, Maarten van Hulsentop

SingleSignOn valve in combination with SPNego

2014-06-04 Thread Maarten van Hulsentop
Hello all, We are encountering an issue with the use of the SingleSignOn valve and SPNego and are looking for a best practice on this. Let me describe our situation; Our suite consists of multiple end-user web applications but also a few web applications that accept interaction from other systems. A

Re: [ANN] Apache Tomcat 7.0.52 released

2014-02-20 Thread Maarten van Hulsentop
Hello Violeta, On the security vulnerability site https://tomcat.apache.org/security-7.html, issue CVE-2014-0050 is still reported to be fixed in 7.0.51, which is stated as "not yet released". I assume the fix is delivered in 7.0.52 as w

Re: Single error page for multiple web applications

2014-01-02 Thread Maarten van Hulsentop
me, once we have migrated to Tomcat 8. Regards, Maarten 2014/1/1 Christopher Schultz > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Leo, > > On 12/31/13, 3:58 PM, Leo Donahue wrote: > > On Dec 31, 2013 3:15 AM, "Maarten van Hulsentop" > >

Re: Single error page for multiple web applications

2013-12-31 Thread Maarten van Hulsentop
regards/met vriendelijke groet, > > Serge Fonville > > http://www.sergefonville.nl > > > 2013/12/31 Maarten van Hulsentop > > > Hello, > > > > We are using Tomcat to host a number of web applications as a uniform > > solution. We are trying to implement something that seems

Single error page for multiple web applications

2013-12-31 Thread Maarten van Hulsentop
opinions about this, things I missed, or (even better!) your solution :) Thank you in advance! Regards, Maarten van Hulsentop

Tomcat SPNEGO valve - role assignment in 'grant-all' realm

2012-10-10 Thread Maarten van Hulsentop
ight track? Regards, Maarten van Hulsentop