tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Problem with merged responses - possibly a reused Response or OutputBuffer
Date Wed, 13 Apr 2011 11:27:51 GMT

An earlier message to this list [[SECURITY] CVE-2011-1475 Apache Tomcat information 
disclosure] /may/ have something to do with this.
(It talks only about the HTTP connector, but also about content mixup with async requests,

so maybe there is a link)

Chris Dumoulin wrote:
> I'm seeing an intermittent problem with my webapp where a request is sent and the response
contains 8184 bytes from some other response followed by the correct response.
> The setup being used is Nginx 0.8.54 reverse proxying to Tomcat 7.0.11.  AJP is the protocol
between Nginx and Tomcat.
> The webapp in Tomcat is doing Servlet 3.0 async requests.
> This issue is extremely difficult to reproduce and at this point I'm not sure if the
problem is in the webapp, Tomcat, or Nginx.
> I know that 8184 bytes is the size of an AJP packet, and in Tomcat's org.apache.catalina.connector.Response,
I see the following code:
>         if("AJP/1.3".equals(connector.getProtocol())) {
>             // default size to size of one ajp-packet
>             outputBuffer = new OutputBuffer(8184);
>         }
> So, right now I'm following the theory that something is being reused in Tomcat without
having been properly completed or recycled. Obviously it's most likely that this is an application
> Does anyone have any ideas about what kind of problem in the application could cause
this behaviour, or other ideas about what the cause might be?
> Thanks,
> Chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message