tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Tomcat (v 6.0.32) write response to wrong client socket
Date Wed, 09 Jul 2014 07:43:23 GMT

We got a serious problem on our online banking applications: a user U1 of bank A got to see
the data of another user U2 of another bank B.
It happened only once, bevor and after that went everything well.

The two same online banking applications are running on one instance of tomcat (V.6.0.32)
and have different backend path.

The logs show that the problem muss be not on the side of web application (frondend), backend
and firewall. The senario looks as following:
1.      U1 log on the online banking of bank A and U2 log on the online banking of
bank B, and the two sessions have been running well a while till
2.      later at the exactly same time U1 wanted to see the start page and U2
3.      U1 got to see the false data of the booking detail of U2.
4.         after that the two sessions went further well without any problem

In the access log of the tomcat seems everything went well:

Access log Bank A (U1): - - F862B9AD5DA9AC4A0D38B46D4E5B0D6C [15/Jun/2014:16:03:41 +0200]
HTTP/1.1 GET /finprdcbo/defAccountStartPage.account
?DIRTY=Y&DEFAULT=1&node=STARTSEITE 200 69000 /ebanking/defAccountStatementDetail.account
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0

Access log Bank B (U2): - - 12A6E21F0D6321A95C553B160DBCC9A0 [15/Jun/2014:16:03:40 +0200]
HTTP/1.1 POST /finprdzrb/defAccountStatementOfAccount.account  200 45765 /ebanking/defAccountAssetOverview.account
Mozilla/5.0 (X11; Linux i686;
rv:24.0) Gecko/20100101 Firefox/24.0

But the reponse of the request for booking detail from U 2 was mistakenly sent to U1.  We
cann confirm this by looking into the logs of firewall as

Firewall log of Session U2:
Jun 15 16:04:16  Web-Requests Access m:WR-SG-SUMMARY (https) POST /ebanking/defAccountStatementOfAccount.account
=> , status:<n/a>
, redirection URL:<n/a> , referer:/ebanking/defAccountAssetOverview.account , mapping:blappl-zrb
, request size: 1089 , backend response size: <n/a> , audit
token:308792478954626740 rid:U52nvH8AAAEAAAoy1CIAAAno
sid:384490af19eb229b7f0874b6ef0323c8 ip:  12

Fact :  "backend response size: <n/a>" means there is no reponse from tomcat for the
request of  POST /ebanking/defAccountStatementOfAccount.account and a timeout is trigged

Firewall log of Session U1:
Jun 15 16:03:40  Web-Requests Access SG_child[14145]: m:WR-SG-SUMMARY (https) GET /ebanking/defAccountStartPage.account?DIRTY=Y&DEFAULT=1&node=STARTSEITE
=> , status:200 , redirection
URL:<n/a> , referer:/ebanking/defAccountStatementDetail.account , mapping:blappl-cbo
, request size: 614 , backend response size: 45765 , audit
token:147310158715306970 request total 287469 , allow/deny filters 3780 , backend responsiveness
208455 , response processing 74282 , ICAP reqmod <n/a> , ICAP respmod <n/a> rid:U52nvH8AAAEAAATYu6cAAATi
sid:1dad4372b4a2f67d980e6e195aa954fe ip:  12

Fact: "backend response size: 45765" means the reponse of Request of U2 is mistakenly passed
to U1. See the same size of the response in the access log Bank B

My questions:

1.      Is such a problem (bug) already known?
2.      When will the tomcat access log be written? after sent of response or
3.      how could the problem happen on the side of tomcat?
4.      wo could the problem be hidden otherwise?

Thanks for your help !
Yanchun Yang

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message