Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/05/12 23:32:31 UTC

DO NOT REPLY [Bug 19871] New: - When above URI is entered Default-Servlet raises Exception

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19871>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19871

When above URI is entered Default-Servlet raises Exception

           Summary: When above URI is entered Default-Servlet raises
                    Exception
           Product: Tomcat 4
           Version: 4.1.24
          Platform: PC
               URL: /scripts/..%c1%9c../winnt/system32/cmd.exe
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Servlet & JSP API
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: jaBernet@gmx.ch


The following exact stack trace is returned:

java.lang.NullPointerException
at java.io.File.<init>(File.java(Compiled Code))
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java(Compiled Code))
at org.apache.naming.resources.FileDirContext.getAttributes(FileDirContext.java(Compiled Code))
at org.apache.naming.resources.BaseDirContext.getAttributes(BaseDirContext.java(Compiled Code))
at org.apache.naming.resources.ProxyDirContext.cacheLoad(ProxyDirContext.java:1491)
at org.apache.naming.resources.ProxyDirContext.cacheLookup(ProxyDirContext.java(Compiled Code))
at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:300)
at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.set(DefaultServlet.java:2267)
at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.<init>(DefaultServlet.java:2219)
at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:921)
at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:506)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled Code))
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled Code))
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled Code))
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled Code))
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java(Compiled Code))
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:566)


I think the URL comes from an IIS exploit.
