You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/07/16 09:57:30 UTC
[Bug 64606] New: Note The full stack trace of the root cause is
available in the server logs.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64606
Bug ID: 64606
Summary: Note The full stack trace of the root cause is
available in the server logs.
Product: Tomcat 9
Version: 9.0.35
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Servlet
Assignee: dev@tomcat.apache.org
Reporter: 13218138002@163.com
Target Milestone: -----
HTTP Status 400 – Bad Request
Type Exception Report
Message Invalid character found in the request target. The valid characters are
defined in RFC 7230 and RFC 3986
Description The server cannot or will not process the request due to something
that is perceived to be a client error (e.g., malformed request syntax, invalid
request message framing, or deceptive request routing).
Exception
java.lang.IllegalArgumentException: Invalid character found in the request
target. The valid characters are defined in RFC 7230 and RFC 3986
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:489)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:748)
Note The full stack trace of the root cause is available in the server logs.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64606] Note The full stack trace of the root cause is available
in the server logs.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64606
--- Comment #2 from mengjisheng <13...@163.com> ---
(In reply to Mark Thomas from comment #1)
> Bugzilla is not a support forum. Please use the users mailing list.
When a user enters an incorrect URL on the page, Tomcat displays the abnormal
stack on the page for external users. External users can obtain the call chain
information of our services. Therefore, we consider this a security
vulnerability.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 64606] Note The full stack trace of the root cause is available
in the server logs.
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64606
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Bugzilla is not a support forum. Please use the users mailing list.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org