axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ladislav Lencucha (JIRA)" <>
Subject [jira] [Commented] (AXIS2-5440) Tomcat using 100% CPU when application/json (JSONMessageFormatter) is used
Date Sun, 28 Oct 2012 07:03:13 GMT


Ladislav Lencucha commented on AXIS2-5440:


ok. So what now?

1.  haven't tested with tcpmon, but in Chrome and Firefox debug console I clearly see:
Request URL:http://localhost:8080/SuiteConsoleServer/services/rest/getAgent?agent=0223938
Request Method:GET
2. I need to call the webservice from within web browser (as you can see using jquery), do
I have an option to force GET when you say it is in fact OPTION? (note that I don't believe
it is sending OPTION)
3. I don't have a problem with content type mapping - I was able to generate request header
with the same cpu consuming result as above that contains:
Accept:application/json, text/javascript, */*; q=0.01
4. Yes, I am and always was able to generate the xml file, if the content type is e.g. application/xml.
The only problem is with application/json where it hangs (and therefore I think it is not
a problem of GET vs OPTION), because it is called within the same web browser with only different
Accept header.

Anyway, I find it a very easy way for a potentiall attacker to deplete the cpu and do some
kind of dos easier.

> Tomcat using 100% CPU when application/json (JSONMessageFormatter) is used
> --------------------------------------------------------------------------
>                 Key: AXIS2-5440
>                 URL:
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.0, 1.6.2
>         Environment: Apache Tomcat/6.0.35	1.6.0_21-b07	Sun Microsystems Inc.	Windows
7	6.1	x86
>            Reporter: Ladislav Lencucha
>              Labels: JSON
>         Attachments: axis2.xml, ConsoleServer.aar,
> I am trying to connect to my webservice using GET + JSON.
> I've added JSONMessageFormatter and JSONOMBuilder for "application/json" content type.
> When I try to call the webservice using jQuery and HTTP GET with content type "application/xml"
I receive the response almost immediately (note that there is a jQuery error raised afterwards,
because Xml cannot be parsed as JSON).
> When I try to call the webservice using the same code but with content type "application/json"
there is no response and Tomcat uses 100% of CPU (there are also some messages in log file
mentioning that it should have ended).
> See my aar file and jQuery example attached. Also see my axis2.xml configuration.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message