Tommy Griffith

Thank you. I am still a little confused on where the resource config file would go. It would be referenced by name, it appears, and I see where the GUI could handle everything else. Not sure how to get this file in there.  Would the dpcBase="C:/tomcat9/etc..etc.. have to change?

Hello. I've been looking at videos, etc. and I am still pretty confused about this.

Basically, I currently have this...it's straight-forward...

Tomcat 9, JRE 9

two wars in tomcat9/webapps

several external jars such as ojdbc6.jar, tools.jar, ncso.jar...etc stored in tomcat9/lib

one resource war config file (app_name.xml) stored in tomcat9/conf/Catalina/localhost/app_name.xml


How does all this junk get redeployed in Elastic Beanstalk? Is it a mess? Can it be done via one bundle or does it require source code mods?

I know the resource app_name.xml has parameters like docBase="C:/tomcat9/webapps/app_name"..path="/app_name"...workDir="work\Catalina\localhost\app_name"... in addition to the JDBC resource mapping to Oracle.

thank you so much.

Hello. If you have a minute, I came across something in a massive code library which is throwing a ClasscaseException...I think the ocnditions for this to actually execute rarely occur so it went undetected...


private HashMap relatedCases=new HashMap();

String key;

...etc...

ArrayList al=(ArrayList) relatedCases.get(key);


The last line throws a ClassCastException java.util.HashMap incompatible with java.util.ArrayList.

I've read where HashMap and ArrayList can't be cast so I'm kind of confused how to convert the value returned from the HashMap to an ArrayList. Thank you.

Tim Holloway wrote:JEE is a completely different product than the JRE/JDK with little overlap. However, on the whole you can continue to run older JEE applications (such as webapps) without changes. Tomcat provides all of the JEE libraries, however, so changing JDK versions won't change what JEE versions it supports.

Thanks, Tim. So it looks like...

Tomcat 9 and JDK 9 --> 13 shouldn't require changes.

Tomcat 10 and JDK 13...what about the "targeted at Jakarta EE 9" stuff with Tomcat 10? Would this require recode of webapps and/or migration (they have a migration tool in development)?

salvin francis wrote:

Tommy Griffith wrote:...used setx to temporarily set JAVA_HOME, installed the service with service.bat, then removed the JAVA_HOME with "HKLM...etc.."...

Assuming HKLM stands for HKEY_LOCAL_MACHINE, I don't think you need to modify windows registry at all. Just using the SET JAVA_HOME="bar" command should be fine in your bat file as long as you use the same session.

Hi, Salvin. Yeah, I was setting JAVA_HOME for the service install, but then used HKEY_LOCAL_MACHINE to get it out of there after install.

Thanks so much. Yeah, when installing tomcat service, I was all command line...used setx to temporarily set JAVA_HOME, installed the service with service.bat, then removed the JAVA_HOME with "HKLM...etc.."

So the service just needs to know JAVA_HOME during installation.

So I was going to attempt the same with Tomcat 9 and JDK 13.

My concern is that Tomcat 10 is using that Jakarta EE stuff and it says you need to recode stuff, migrate, etc. However, I am confused as how that affects the JDK releases (as there are planned future JDK releases and JDK 8 is supported through 2030).

If I stick with Tomcat 9 and go to JDK 13, i shouldn't encounter this javax --> jakarta class stuff...praying? you think?

Hello. I currently have Tomcat 9 windows service running with jvm 9. Oracle operations, javax classes, etc. Should there be any issues with trying to move the JDK/JVM to 13? I' thinking of installing a separate Tomcat 9 service with JDK 13 rather than trying to change the JVM. I would on;y have access to the production server consoles through remote command line, not the Windows based Tomcatw file. Thank you.

I think I was confirming that any request causing an exception in catalina will be logged in localhost.

Every request (good or bad) is logged in localhost?

thank you so much, again.

In summary, localhost should display every single request, while catalina displays some exceptions which may be triggered by some of the requests.

localhost has everything to trace the requests...?

ok, thanks. i read up on activating valves within server.xml....activating the logging valve produces...

localhost_access_log.yyy-mm-dd.txt

which is already happening. I'm not sure if it is via default (Tomcat 9). I might have gone down this road before and activated the valve when I installed, I can't remember.

Anyway, I now understand the difference/purpose between


catalina.yyy-mm-dd.log

and

localhost_access_log.yyy-mm-dd.txt


So if I try to "line up" the weird error times in catalina with the IP and request times in localhost_access, they almost align. All requests are coming from that same IP referenced earlier. So they seem to point to that internal vulnerability software.

1. There are a bunch invalid message received errors logged in catalina between 2:23 and 2:28. However, localhost starts logging GETS between 2:26 and 2:43.

2. Another set form the same IP appears oin both logs at 2:56, those seem to synch almost perfectly.

Since all this junk happens wihtin the same half hour every day, I'm sure it's the same internal source. However, could those time differences be normal, attributable to,I don't know, processing times within Tomcat and network? thank you.

Thank you. I renamed them but I will delete them all together. I'd really like to find out what is trying to access it. I don't know if it's related to the vulnerability software, because it is only on the development server. I guess the only way to know would be anti-virus, nothing can be captured in the Tomcat log, right?

javax.servlet.jsp.JspTagException: Invalid JSP file ?
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

javax.servlet.jsp.JspTagException: Invalid JSP file %2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

Hello. Thanks so much for your assistance. They just told me the IP is for their Tenable Nessus vulnerability scanner, so I guess it looks like their testing vulnerabilities with all those GETS.

What I'm still concerned about is the thing going into the examples folder. Renaming it seems to make it go away but I don't like that something is in there. I was told Mcafee is full on with the server and I jsut don't get how any malware could be injected in some innocuous dev server behind a firewall/vpn/etc. Those log entries have no origin ip and I don't know if it could be some sort of other vulnerability scan.

I have seen quicker performance after renaming the examples folder.

Thanks so much. The server admin renamed examples and that exception did go away. I'm still worried about that dead cookie thing, I think that is somehow related to all this.

I know this is long but I'm seeing this weird set of lines n the log, maybe a glimpse will indicate something, like is this some sort of hack attempt?...all the GETs, 200 and 404s?...

Actually, I see lotus notes files in there, this thing is scrolling the file directories it looks like. Now that I've gone back, I see these types of entries since the install...maybe I'm being paranoid over the cookie and the thing using examples.

The 111.11.11.111 is a fake ip I put in there...

111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET //perl.exe?-v HTTP/1.1" 404 1086
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET /login?redirects=10 HTTP/1.1" 404 1078
111.11.11.111 - - [07/Nov/2019:02:30:54 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:54 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1494107155 HTTP/1.1" 404 1087
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet991665113. HTTP/1.1" 404 1087
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet2041817301.asp HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet664732588.aspx HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet600815077.html HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet363404008.htm HTTP/1.1" 404 1090
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1016239117.shtm HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1577129873.shtml HTTP/1.1" 404 1093
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1456605888.jsp HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1040198048.jspx HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1976071744.php HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet715448670.php3 HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet570167550.php4 HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1687952712.php5 HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1643283870.php6 HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet379062877.cfm HTTP/1.1" 404 1090
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /cgi-bin/com5.pl HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /forum.php HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /header.php HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /login.php HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /pluto/portal/ HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /sitemap.xml HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /sitemap/sitemap.xml HTTP/1.1" 404 1096
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /map/sitemap.xml HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /account.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /accounts.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /admin4.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /agentrunner.nsf HTTP/1.1" 404 1088
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /AgentRunner.nsf HTTP/1.1" 404 1088
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /archive/a_domlog.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /archive/l_domlog.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /bookmark.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /books.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /busytime.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /calendar.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /catalog.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /cersvr.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /certlog.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /certsrv.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /collect4.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /cpa.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /database.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /db.nsf HTTP/1.1" 404 1079
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /dbdirman.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /decsadm.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /default.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /doladmin.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domcfg.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domguide.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domino.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domlog.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /events4.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /group.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /groups.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /hidden.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /iNotes/Forms5.nsf HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /lccon.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /ldap.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /lndfr.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /log.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /loga4.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mab.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mail.box HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mail/admin.nsf HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mailw46.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mtabtbls.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /name.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /names.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /nntppost.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /notes.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /ntsync4.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /private.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /products.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /proghelp/KBCCV11.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /coderanch.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /qstart.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /quickstart/qstart50.nsf HTTP/1.1" 404 1100
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /quickstart/wwsample.nsf HTTP/1.1" 404 1100
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /reports.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /sample/faqw46.nsf HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /sample/framew46.nsf HTTP/1.1" 404 1096
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /secret.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /secure.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /setup.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtpibwq.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtpobwq.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtptbls.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /software.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statmail.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statrep.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statsrep.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /stats675.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /user.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /users.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /webadmin.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /welcome.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /zmevladm.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:06 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:06 -0500] "GET null null" 400 -
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET /portal/page/portal/Design_Time_PG/Welcome HTTP/1.1" 404 1130
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET /page/portal/Design_Time_PG/Welcome HTTP/1.1" 404 1119
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1129
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1133
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV1_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV2_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV3_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV4_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV5_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV6_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV7_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV8_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV9_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134

ugh, the original jsp parsing errors returned.

I have Tomcat 9.0.11 running as the servie and a couple of older Tomcats sitting unstarted as services. Those shouldn't be exploited, right?

Maybe remove examples folder or will that cause an issue?

I asked the server people about running anti-malware and check disk, but I'm afraid this might cause a big ruckus over Tomcat security...

I think netware has the "ncf" extension, notes databases are "nsf".

While going through the Tomcat 9 logs working on this, I noticed these two apparently "random" exceptions. This is from the backup prod server so there weren't any manual http requests that I am aware of (first issue below) and the war apps don't use cookies (second issue)...

I saw a guy on stackoverflow with the same exceptions post-upgrade to Tomcat 9 so I lifted his below. I see the same exact two exceptions...

It's weird as the servlets seem to be working ok and no request was made on this server, at least by an end user. I've read where the first exception might have to do with [] or {} in the request url but the log doesn't reveal any urls.


First issue:

30-Sep-2019 20:40:04.146 INFO [http-nio-8009-exec-24] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:415) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:292) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834)

Second issue:

02-Oct-2019 03:08:29.694 INFO [https-jsse-nio2-8443-exec-23] org.apache.tomcat.util.http.parser.Cookie.logInvalidHeader A cookie header was received [::7907=pub_site.1569985617; ezoab_7907=mod1; ezoref_7907=; ezoadgid_7907=-1] that contained an invalid cookie. That cookie will be ignored. Note: further occurrences of this error will be logged at DEBUG level.