Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
MIME-Version: 1.0
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: Re: Best versions - of Tomcat to run with apache
References: <2128E8CB1302D311B30A0090276DCBE930328A@DILBERT>
Message-ID: <oprqy0o50lxvhn30@mail.aas.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
From: John Turner <tomcat-user@johnturner.com>
Date: Wed, 18 Jun 2003 12:13:43 -0400
In-Reply-To: <2128E8CB1302D311B30A0090276DCBE930328A@DILBERT>
User-Agent: Opera7.03/Win32 M2 build 2670


I've never heard of that vulnerability.  Have you tried it?  Have you 
checked the security lists to confirm?

If memory serves, it wasn't known as of 4.1.18 when the "Apache Tomcat 
Security Handbook" from Wrox Press was published.

John

On Wed, 18 Jun 2003 16:37:22 +0100, Kevin Passey 
<kpassey@kdpsoftware.co.uk> wrote:

> Hi,
>
> Yes I've done the apache/tomcat/mod_jk2 and it works fine.
>
> The reason I wanted to do this is because I was using nessus to scan my 
> web
> server and it reports a vulnerability it TOMCAT 4.1.12 which allows 
> someone
> to retrieve any file on your system by putting ../../ in front of the 
> file
> name. It recommends to use another web server - yeah right - .
>
> So I thought if I put apache in front of it - running tomcat in process 
> that
> would cure it.
>
> Thanks anyway.
>
> Kevin
> -----Original Message-----
> From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
> Sent: 18 June 2003 16:29
> To: Tomcat Users List
> Subject: RE: Best versions - of Tomcat to run with apache
>
>
>
> Howdy,
> I did the standard apache2 - tomcat mod_jk configuration once, just to
> try it out.  But I run tomcat standalone, including in production, as I
> find its performance more than adequate and don't need any apache
> features.
>
> Yoav Shapira
> Millennium ChemInformatics
>
>
>> -----Original Message-----
>> From: Kevin Passey [mailto:kpassey@kdpsoftware.co.uk]
>> Sent: Wednesday, June 18, 2003 11:27 AM
>> To: 'Tomcat Users List'
>> Subject: RE: Best versions - of Tomcat to run with apache
>>
>> Hi Yoav,
>>
>> I know that - I want to load it on a RH7.2 box with apache using mod_jk
> or
>> 2.
>>
>> Have you ever configured tomcat to run "in-process" with apache. All
> you do
>> is start apache and it calls tomcat when and if it needs it.
>>
>> I'm on the verge of getting the latest 4.1.24 rpms and the latest
> apache2
>> rpms and just installing the whole lot.
>>
>> What I wondered was - if there were ony compatibility issues between
>> tomcat(latest) and apache2 running mod_jk2.
>>
>> Thanks anyway + regards
>>
>> Kevin
>> -----Original Message-----
>> From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
>> Sent: 18 June 2003 16:14
>> To: Tomcat Users List
>> Subject: RE: Best versions - of Tomcat to run with apache
>>
>>
>>
>> Howdy,
>> The latest stable release, 4.1.24.
>>
>> Yoav Shapira
>> Millennium ChemInformatics
>>
>>
>>> -----Original Message-----
>>> From: Kevin Passey [mailto:kpassey@kdpsoftware.co.uk]
>>> Sent: Wednesday, June 18, 2003 11:14 AM
>>> To: Tomcat (E-mail)
>>> Subject: Best versions - of Tomcat to run with apache
>>>
>>> Hi,
>>>
>>> Can anybody tell me the best version of Tomcat that will run with
>> apache
>>> using say mod_jk or mod_jk2.
>>>
>>> Thanks
>>>
>>> Kevin Passey
>>> Tel +44(0)1273 712830
>>> http://www.kdpsoftware.co.uk
>>> http://www.freeas400software.com
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>> This e-mail, including any attachments, is a confidential business
>> communication, and may contain information that is confidential,
>> proprietary
>> and/or privileged.  This e-mail is intended only for the individual(s)
> to
>> whom it is addressed, and may not be saved, copied, printed, disclosed
> or
>> used by anyone else.  If you are not the(an) intended recipient, please
>> immediately delete this e-mail from your computer system and notify the
>> sender.  Thank you.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> This e-mail, including any attachments, is a confidential business
> communication, and may contain information that is confidential, 
> proprietary
> and/or privileged.  This e-mail is intended only for the individual(s) to
> whom it is addressed, and may not be saved, copied, printed, disclosed or
> used by anyone else.  If you are not the(an) intended recipient, please
> immediately delete this e-mail from your computer system and notify the
> sender.  Thank you.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>


-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org