tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42298] New: - Malformed request causes CPU overload
Date Mon, 30 Apr 2007 14:51:33 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42298>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42298

           Summary: Malformed request causes CPU overload
           Product: Tomcat 5
           Version: 5.5.17
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: andrew.chapman@brighterworking.com


I was posting some XML to a servlet running under Tomcat as part of some junit
testing. Unfortunately, I got the content-length parameter of the request wrong
(too short) in all the junit test posts.

This wouldn't be anything to worry about except that it caused one thread of the
Tomcat server to go to 100% CPU usage and stay there until I did a shutdown.sh
on Tomcat (over an hour). This would be ideal for a DoS attack.

From the access log (fast common access valve version) the overhang of the
content of one post was being taken as the beginning of the next post so I had
posts which started with odd things (URL encoded XML tags in this case). I am
not sure if this is what caused the problem (i.e. URL encoded <, > or /
characters at the beginning of the post content).

Of course it could just be that my servlet went into an infinite loop, but I
couldn't see any evidence of that.

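
The access-log symptom described in the report (request lines that begin with leftover body content from the previous post) can be searched for mechanically. The following is an added example, not part of the bug report or of Tomcat's code; the log lines are constructed, and the common log format layout and the function name `find_misframed` are assumptions.

```python
import re

# Common Log Format (assumed): host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\S+) (\S+)$')
# A well-formed request line: known method, space, target, space, HTTP version.
REQUEST_LINE = re.compile(
    r'^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/\d\.\d$')

# Constructed sample log lines (not taken from the bug report).
SAMPLE_LOG = """\
10.0.0.5 - - [30/Apr/2007:14:40:01 +0000] "POST /app/orders HTTP/1.1" 200 87
10.0.0.5 - - [30/Apr/2007:14:40:01 +0000] "%3C%2Fitem%3E%3C%2Forder%3EPOST /app/orders HTTP/1.1" 400 -
10.0.0.9 - - [30/Apr/2007:14:40:02 +0000] "GET /index.jsp HTTP/1.1" 200 1024
10.0.0.5 - - [30/Apr/2007:14:40:03 +0000] "POST /app/orders HTTP/1.1" 200 87
"""

def find_misframed(log_text):
    """Return (line_no, client, bad_request, previous_request_from_client)."""
    findings = []
    last_ok = {}  # client -> most recent well-formed request line
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = CLF.match(line)
        if not m:
            continue  # not an access-log entry; ignore
        client, _when, request, _status, _size = m.groups()
        if REQUEST_LINE.match(request):
            last_ok[client] = request
        else:
            # The preceding request from this client is the likely source of
            # the overhang (its declared length was shorter than its body).
            findings.append((line_no, client, request, last_ok.get(client)))
    return findings

if __name__ == "__main__":
    for line_no, client, bad, prev in find_misframed(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent malformed request line {bad!r}")
        print(f"  preceding request from same client: {prev!r}")
```
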

