Tomcat Sample Configuration


We are a national MSP based in Chicago, and while working with ESET to test the upcoming ESET ESMC 7.X release, GCG decided that we wanted to upgrade the built-in version of Tomcat 7.x (32-bit) to version 9.0.10 (64-bit). This, of course, meant that we also had to update the Tomcat configuration and update our Java install.


We don't want to bore everyone with the technical details, but we felt like the overall level of documentation available was lacking so we wanted to share the Tomcat configuration we are using to make configuration and upgrade of the Tomcat install easier for others. 

Our configuration should work for most 32-bit or 64-bit installs of Tomcat 7, 8, or 9.  As part of our upgrade, we migrated away from using keystores and instead referenced the CA, Certificate, and Key directly using (binary) PEM formatted files. 

We are more than happy to share our configuration with the community, so everyone can benefit.

CVE-2018-1336

Quote

CVE-2018-1336 - An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

 

We have sanitized the configuration for security reasons. If you have questions about why we have configured things the way we have, we will do our best to respond to questions.
Please make sure you have a backup of your Tomcat install before overwriting or modifying any files. We take no responsibility for anyone's actions except our own.
Configuration was verified on Tomcat version 9.0.10 (64-bit) with Java 8 update 181 (64-bit).
GCG SAMPLE TOMCAT CONFIGURATION (ATTACHMENT BELOW)
 

 

Tomcat.zip

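Added example, not part of the original post or its attachment: a Python check of a Tomcat version string against the affected ranges quoted above for CVE-2018-1336, for auditing several installs before an upgrade like the one described. The hostnames and inventory are constructed, and treating milestone (M) and release-candidate (RC) builds as older than the final release of the same number is an assumption of this sketch.

```python
import re

# Affected ranges as quoted in the post for CVE-2018-1336 (bounds inclusive).
AFFECTED = [
    ("9.0.0.M9", "9.0.7"),
    ("8.5.0", "8.5.30"),
    ("8.0.0.RC1", "8.0.51"),
    ("7.0.28", "7.0.86"),
]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?$", re.IGNORECASE)
_STAGE = {"M": 0, "RC": 1, None: 2}  # assumption: milestone < RC < final


def version_key(text):
    """Turn '9.0.10', '9.0.0.M9' or 'Apache Tomcat/8.0.0.RC1' into a sortable tuple."""
    text = text.strip().rsplit("/", 1)[-1]  # drop an 'Apache Tomcat/' prefix
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, stage, num = m.groups()
    stage = stage.upper() if stage else None
    return (int(major), int(minor), int(patch), _STAGE[stage], int(num or 0))


def is_affected(version):
    """True if the version falls inside any range listed in AFFECTED."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED)


def audit(inventory):
    """Map host -> True / False, or None when the version string cannot be parsed."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = is_affected(version)
        except ValueError:
            result[host] = None  # unparseable: needs a manual look
    return result


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {"esmc-a": "Apache Tomcat/9.0.10", "esmc-b": "7.0.86",
          "esmc-c": "9.0.0.M9", "esmc-d": "unknown"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, {True: "AFFECTED", False: "ok", None: "check manually"}[status])
```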

  • 1 month later...

@GCG would you mind sharing tomcat.zip? When I tried downloading the file, it said I lack privileges to do so.

Are you or members of your team planning on attending February's conference? We haven't been there for several years; the last time we went, we really enjoyed the trip. It would be good to mingle with other MSPs using ESET.

We are in St Louis, Missouri

This topic is now closed to further replies.