You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/10 22:11:17 UTC

DO NOT REPLY [Bug 25424] New: - Possible DOS attack using Apache/AJP/Tomcat

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25424>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25424

Possible DOS attack using Apache/AJP/Tomcat

           Summary: Possible DOS attack using Apache/AJP/Tomcat
           Product: Tomcat 4
           Version: 4.1.27
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Connector:Coyote JK 2
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: arguins@sympatico.ca


(Sorry for my english...)
Here is my problem...  I have a setup with Apache/AJP13/Tomcat using Coyote
connector.  For a reason that I don't already known, IE send a GET request (an
image file) with a "Content-length" value greater than 0 (zero).  It's seems
that Apache wait forever for the content (specified by the Content-length http
header key)...  The browser wait, wait, wait...  The Apache web server wait,
wait, wait...  Thw browser never receive the result.  When I stop my browser, I
saw in the Apache access log the "GET" request...  

The bug probably occurs when a GET request is made AND the HTTP header contains
a "Content-length" value (> 0).

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org