1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
|
<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>The Apache Tomcat Connector - Documentation Index</title><meta name="author" value="Mladen Turk"><meta name="email" value="mturk@apache.org"><meta name="author" value="Rainer Jung"><meta name="email" value="rjung@apache.org"><link href="./../style.css" type="text/css" rel="stylesheet"></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="4"><!--PAGE HEADER--><tr><td colspan="2"><!--TOMCAT LOGO--><a href="http://tomcat.apache.org/"><img src="./../images/tomcat.gif" align="left" alt="Apache Tomcat" border="0"></a><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="http://www.apache.org/images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left"><table border="0" width="100%" cellspacing="4"><tr><td align="left" valign="top"><h1>The Apache Tomcat Connector</h1><h2>Documentation Index</h2></td><td align="right" valign="top" nowrap="true"><img src="./../images/void.gif" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
<p>This is the top-level entry point of the documentation bundle for the
<strong>Apache Tomcat Connectors</strong>
</p>
<p>Select one of the links from the navigation menu (to the left) to drill
down to the more detailed documentation that is available. Each available
manual is described in more detail below.</p>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Headlines"><strong>Headlines</strong></a></font></td></tr><tr><td><blockquote>
<br>
<ul>
<li><a href="../news/20070301.html#20071221.1">21 December 2007 - <b>JK-1.2.26 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.26 Stable.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.26/tomcat-connectors-1.2.26-src.tar.gz">JK 1.2.26 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.26/tomcat-connectors-1.2.26-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20070301.html#20070807.1">7 August 2007 - <b>JK-1.2.25 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.25 Stable.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.25/tomcat-connectors-1.2.25-src.tar.gz">JK 1.2.25 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.25/tomcat-connectors-1.2.25-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20070301.html#20070727.1">27 July 2007 - <b>JK-1.2.24 released</b></a>
<p><b>This release has been withdrawn.</b>
</p>
</li>
<li><a href="../news/20070301.html#20070518.1">18 May 2007 - <b>JK-1.2.23 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.23 Stable.
</p>
<p>This version addresses the security flaw:
<br>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1860"><b>CVE-2007-1860</b></a>
A double encoded ".." in a URL can be used to access URLs on the AJP backend,
for which no mod_jk forwarding rule exists (patch for CVE-2007-0450 was insufficient).
</p><p>
This version fixes the problem by using ForwardURICompatUnparsed
as the default for the forwarding JkOption.
You can similarly fix the problem for all previous versions of mod_jk by setting
"JkOption ForwardURICompatUnparsed".
If you upgrade to version 1.2.23 please ensure, that you do not have
a different forwarding option in your existing configuration.
We highly recommend, that you are consulting the
<a href="../reference/apache.html#Forwarding">forwarding documentation</a>,
especially concerning the implications for interaction with mod_rewrite.
</p><p>
Please note that this issue only affects configurations,
which use a prefix forwarding rule like "/myapp/*" or "/myapp/*.jsp"
to restrict access to the context "/myapp". The issue will allow
malicious URLs to reach "/otherapp" or "/otherapp/*.jsp" as well.
</p><p>
The Tomcat Project thanks Kazu Nambo for his responsible reporting of this
vulnerability.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz">JK 1.2.23 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.23/tomcat-connectors-1.2.23-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20070301.html#20070417.1">17 April 2007 - <b>JK-1.2.22 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.22 Stable.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.22/tomcat-connectors-1.2.22-src.tar.gz">JK 1.2.22 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.22/tomcat-connectors-1.2.22-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20070301.html#20070301.1">1 March 2007 - <b>JK-1.2.21 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.21 Stable.
</p>
<p>This version addresses the security flaw:
<br>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774"><b>CVE-2007-0774</b></a>
A Long URL Stack Overflow Vulnerability exists in the URI handler for the mod_jk library.
When parsing a long URL request, the URI worker map routine performs an
unsafe memory copy. This results in a stack overflow condition which can
be leveraged execute arbitrary code.
</p><p>
Please note this issue only affected versions 1.2.19 and 1.2.20 of the
JK Apache Tomcat Connector and not previous versions.
Tomcat 5.5.20 and Tomcat 4.1.34
included a vulnerable version in their source packages.
<strong>No </strong>other source code releases <strong> and no binary packages</strong>
of Tomcat were affected.
</p><p>
The Apache Tomcat project recommends that all users who have built mod_jk from source apply the patch or upgrade to the latest level and rebuild. Providers of mod_jk-based modules in pre-compiled form will be able to determine if this vulnerability applies to their builds. That determination has no bearing on any other builds of mod_jk, and mod_jk users are urged to exercise caution and apply patches or upgrade unless they have specific instructions from the provider of their module.
</p><p>
The Tomcat Project thanks an anonymous researcher working with
TippingPoint (www.tippingpoint.com) and the Zero Day Initiative
(www.zerodayintiative.com) for their responsible reporting of this
vulnerability.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz">JK 1.2.21 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.21/tomcat-connectors-1.2.21-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20060101.html#20061210.1">10 December 2006 - <b>JK-1.2.20 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.20 Stable.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz">JK 1.2.20 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.20/tomcat-connectors-1.2.20-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
<li><a href="../news/20060101.html#20060917.1">17 September 2006 - <b>JK-1.2.19 released</b></a>
<p>The Apache Tomcat team is proud to announce the immediate availability
of Tomcat Connectors 1.2.19 Stable.
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.19/tomcat-connectors-1.2.19-src.tar.gz">JK 1.2.19 release sources</a>
| <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.19/tomcat-connectors-1.2.19-src.tar.gz.asc">PGP signature</a>
</p>
<p>Download the <a href="http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/">binaries</a> for selected platforms.
</p>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Reference Guide"><strong>Reference Guide</strong></a></font></td></tr><tr><td><blockquote>
<br>
<ul>
<li><a href="../reference/workers.html"><b>workers.properties</b></a>
<p>A Tomcat worker is a Tomcat instance that is waiting to execute servlets
on behalf of some web server. For example, we can have a web server such as Apache
forwarding servlet requests to a Tomcat process (the worker) running behind it.
</p>
<p>This page contains detailed description of all workers.properties
directives.
</p>
</li>
<li><a href="../reference/uriworkermap.html"><b>uriworkermap.properties</b></a>
<p>
The forwarding of requests from the web server to tomcat gets configured by defining mapping rules.
The so-called <b>uriworkermap</b> file is a mechanism of defining those rules.
</p>
</li>
<li><a href="../reference/apache.html"><b>Apache</b></a>
<p>This page contains detailed description of all directives related to
Apache web server.
</p>
</li>
<li><a href="../reference/iis.html"><b>IIS</b></a>
<p>This page contains detailed description of all IIS directives.
</p>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Generic HowTo"><strong>Generic HowTo</strong></a></font></td></tr><tr><td><blockquote>
<br>
<ul>
<li><a href="../generic_howto/quick.html"><b>Quick Start</b></a>
<p>This page describes the configuration files used by JK on the
Web Server side for the 'impatients'.
</p>
</li>
<li><a href="../generic_howto/workers.html"><b>All about workers</b></a>
<p>This page contains an overview about the various aspects of defining
and using workers.
</p>
</li>
<li><a href="../generic_howto/timeouts.html"><b>Timeouts</b></a>
<p>This page describes the possible timeout settings you can use.
</p>
</li>
<li><a href="../generic_howto/loadbalancers.html"><b>Load Balancing</b></a>
<p>This page contains an introduction on load balancing with JK.
</p>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Webserver HowTo"><strong>Webserver HowTo</strong></a></font></td></tr><tr><td><blockquote>
<br>
<p>These pages contain detailed descriptions of how to build and
install JK for the various web servers.
</p>
<ul>
<li><a href="../webserver_howto/apache.html"><b>Apache</b></a>
</li>
<li><a href="../webserver_howto/iis.html"><b>IIS</b></a>
</li>
<li><a href="../webserver_howto/nes.html"><b>Netscape/SunOne/Sun</b></a>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="AJP Protocol Reference"><strong>AJP Protocol Reference</strong></a></font></td></tr><tr><td><blockquote>
<br>
<ul>
<li><a href="../ajp/ajpv13a.html"><b>AJPv13</b></a>
<p>This page describes the Apache JServ Protocol version 1.3 (hereafter
<b>ajp13</b>).
</p>
</li>
<li><a href="../ajp/ajpv13ext.html"><b>AJPv13 Extension Proposal</b></a>
<p>This page describes an extension proposal for ajp13.
</p>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Miscellaneous documentation"><strong>Miscellaneous documentation</strong></a></font></td></tr><tr><td><blockquote>
<br>
<ul>
<li><a href="../miscellaneous/faq.html"><b>Frequently asked questions</b></a>
<p>
</p>
</li>
<li><a href="../miscellaneous/changelog.html"><b>Changelog</b></a>
<p>
The FAQ detail the changes made in each version of JK.
</p>
</li>
<li><a href="http://issues.apache.org/bugzilla/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=Tomcat+5&component=Native%3AJK&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&keywords_type=allwords&keywords=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailtype1=substring&email1=&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=">
<b>Current Native:JK bugs</b></a>
<p>This is the Bugzilla Bug List related to Native:JK.
</p>
</li>
<li><a href="../miscellaneous/doccontrib.html"><b>Contribute documentation</b></a>
<p>
This page describes, how to contribute to the JK documentation.
</p>
</li>
<li><a href="../miscellaneous/tools.html"><b>Tools</b></a>
<p>
This page contains information, on some tool scripts contained in the Jk distribution.
</p>
</li>
<li><a href="http://tomcat.apache.org/connectors-doc-archive/jk2/index.html">
<b>Old JK/JK2 documentation archive.</b></a>
<p>Here you can find old JK and JK2 documentation.
</p>
</li>
</ul>
</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="News"><strong>News</strong></a></font></td></tr><tr><td><blockquote>
<br>
<p>Release news from various years.
</p>
<ul>
<li><a href="../news/20070301.html"><b>2007</b></a>
</li>
<li><a href="../news/20060101.html"><b>2006</b></a>
</li>
<li><a href="../news/20050101.html"><b>2005</b></a>
</li>
<li><a href="../news/20041100.html"><b>2004</b></a>
</li>
</ul>
</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
Copyright © 1999-2005, Apache Software Foundation
</em></font></div></td></tr></table></body></html>
|
