
Tomcat RCE Vulnerability via JSP Upload Bypass

By Open Source, Apache TomEE, Tomcat, TomEE No Comments

Tomitribe’s Jonathan Gallimore (@jongallimore) explains how easy it is to exploit a simple configuration vulnerability in Apache Tomcat and take over your entire server. He also explains how easy it is to prevent this from happening with a simple configuration change. This is an older exploit but one that may not be patched on your own installation. Watch the video to ensure you are protected! Tomitribe’s Enterprise Support service works with Sonatype to monitor all reported vulnerabilities to Tomcat, TomEE, and ActiveMQ to help protect our customers from malicious hackers. Learn more about how we help protect our customers here.


Debug mode in Docker for Tomcat and TomEE

By Apache TomEE, Docker, ES, Open Source, Tomcat, TomEE One Comment
Remote debugging is a common practice for troubleshooting issues in software development. If you are using Tomcat or TomEE with Docker containers as part of your stack, you can find various techniques to enable debug capabilities in these types of containers:

1. Create a custom Docker image by extending an existing official one
2. Extensive customization of CATALINA_OPTS

However, both approaches require extra steps in some scenarios. Below I share the simplest method I have used to do remote debugging in Apache Tomcat and Apache TomEE with a Docker image:

$ docker run -it -p 8080:8080 -p 8000:8000 -e…

Docker and Debugging Apache Tomcat and TomEE

By Apache TomEE, Docker, ES, Open Source, Tomcat, TomEE No Comments
Remote debugging is a common practice for investigating problems in microservices. If you are using Apache Tomcat or Apache TomEE Docker containers, you can find several techniques on the web, such as:

1. Extending an official image and customizing it
2. Extensive customization of CATALINA_OPTS

However, both approaches require extra steps applicable to some scenarios. Below I share the simplest way I have used to do remote debugging in Apache Tomcat and Apache TomEE:

$ docker run -it -p 8080:8080 -p 8000:8000 -e CATALINA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000" tomcat:9.0.17-jre11

Anatomy of the options used: docker run Command to…