You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/12/05 18:21:13 UTC
[Bug 62981] New: NPE+DoS Deadlock in CharChunk.java:256
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981
Bug ID: 62981
Summary: NPE+DoS Deadlock in CharChunk.java:256
Product: Tomcat 8
Version: 8.5.30
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: Util
Assignee: dev@tomcat.apache.org
Reporter: p.rader@gmx.net
Target Milestone: ----
Received this message in the logs:
05-Dec-2018 17:28:37.075 FINE [ajp-nio-8009-exec-8]
com.sotacms.server.cms.extra.seo.DefaultSEOTranslationContributor.fastMayBot
Agent requests language: null
05-Dec-2018 17:56:54.121 SEVERE [https-jsse-nio-443-exec-10]
org.apache.coyote.http11.Http11Processor.service Error processing request
java.lang.NullPointerException
at org.apache.tomcat.util.buf.CharChunk.append(CharChunk.java:256)
at org.apache.catalina.mapper.Mapper.map(Mapper.java:694)
at
org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:679)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
05-Dec-2018 19:08:05.648 FINER [https-jsse-nio-443-exec-2]
com.sotacms.server.cms.extra.seo.DefaultSEOTranslationContributor.fastMayBot
Agent is Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/70.0.3538.110 Safari/537.36
Resulting in a deadlock causing a DoS. Service must be restarted. Seems to be
not an DoS attack.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62981] NPE+DoS Deadlock in CharChunk.java:256
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981
--- Comment #2 from Peter Rader <p....@gmx.net> ---
Confirmed! Thank you for attention.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62981] NPE+DoS Deadlock in CharChunk.java:256
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Remy Maucherat <re...@apache.org> ---
The NPE is because there is no default host configured. The rest cannot be
investigated and is not Tomcat code. Potential security issues in Tomcat MUST
be reported using the security and not a public BZ.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org