tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: KPMG-2002003: Bea Weblogic DOS-device Denial of Service
Date Wed, 09 Jan 2002 17:55:04 GMT
NUL is about the only case-sensitive one in NT/W2K.
----- Original Message -----
From: "Remy Maucherat" <remm@apache.org>
To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Sent: Wednesday, January 09, 2002 3:49 AM
Subject: Re: KPMG-2002003: Bea Weblogic DOS-device Denial of Service


> > > A quick test of Tomcat 4.0.1 returned a blank page
> > > without hanging.
> >
> > I just tried, and the HEAD returned a 404 page for /aux.jsp or /AUX.jsp
(I
> > didn't get a blank page; is that what I was supposed to test ?). I
> supppose
> > the filesystem abstraction prevented the DoS bug.
>
> After more testing, it appears nul behaves in a special way (I have no
idea
> why).
> /NUL.jsp appears to return a 200 with a content length of 0 (that's a
blank
> page)
> /nul.jsp returns a 500 (Jasper trying to load a non existing class)
>
> In neither cases Tomcat did hang of did it kill one of the processing
> threads. All the other device names I tried (aux and AUX, COM1, LPT1, CON)
> returned a 404.
> Any ideas why nul is different ?
>
> Remy
>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message