tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aurélien Terrestris <aterrest...@gmail.com>
Subject Re: Apache Tomcat/7.0.39 crashed with fatal error
Date Thu, 26 Jan 2017 21:31:23 GMT
Hello

maybe you're just sending cookies with non-compliant characters. Please
check what you're sending if you can reproduce this problem yourself

RFC 6265 says  :

 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash




2017-01-26 22:22 GMT+01:00 Satish Chhatpar 02 <ChhatpS02@cpwplc.com>:

> Yes all of them failed in the same way.
>
>
> # Problematic frame:
> # J  org.apache.http.impl.cookie.BestMatchSpec.formatCookies(
> Ljava/util/List;)Ljava/util/List;
>
>
>
> Regards
>
> Satish Chhatpar
>
>
> ________________________________
> From: Christopher Schultz <chris@christopherschultz.net>
> Sent: Friday, January 27, 2017 2:44:54 AM
> To: Tomcat Users List
> Subject: Re: Apache Tomcat/7.0.39 crashed with fatal error
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Satish,
>
> On 1/26/17 3:42 PM, Satish Chhatpar 02 wrote:
> > Thanks Chris. I appreciate your help.
> >
> > All 4 tomcats are on diff machines. One on each, with same tomcat
> > version, same java version and same OS for all.
>
> Did they all fail in the same way (JVM crash @
> org.apache.http.impl.cookie.BestMatchSpec.formatCookies)?
>
> > Tomcats are not in cluster.
>
> I would highly recommend upgrading the JVM on one of those servers to
> 1.7.latest to see if everything still works. If things go well,
> upgrade all of them.
>
> Then deploy the 1.8.latest to one of them. Tomcat shouldn't have any
> compatibility issues with Java 8, but you will definitely want to test
> everything in your application of course.
>
> - -chris
>
> > ________________________________ From: Christopher Schultz
> > <chris@christopherschultz.net> Sent: Friday, January 27, 2017
> > 1:52:47 AM To: Tomcat Users List Subject: Re: Apache Tomcat/7.0.39
> > crashed with fatal error
> >
> > Satish,
> >
> > On 1/26/17 2:28 PM, Satish Chhatpar 02 wrote:
> >> we are using Apache Tomcat/7.0.39 for our java application.
> >
> > I highly recommend an upgrade for both Tomcat and Java. There are
> > published vulnerabilities for both product versions you are using.
> >
> >> There are 4 tomcat instances using same tomcat version and java
> >> version. yesterday all 4 tomcats crashed with below error in
> >> hs_err_pid log file.
> >
> > All on the same hardware? Or separate machines?
> >
> >> This log file was created for all 4 tomcats.
> >
> >> Its very peculiar behaviour that all 4 crashed around same time.
> >
> > If they are in a cluster, one going down could cause the load on
> > the others to go up, increasing the chances of a problem.
> >
> >> Any information can help us to mitigate this incident.
> >
> >> Apache Tomcat/7.0.39
> >
> > Unless this is a package-managed version of Tomcat with an
> > unfortunately inaccurate version number, that version of Tomcat is
> > nearly 3 years old. The current version in the 7.0.x line is
> > 7.0.75 (released yesterday).
> >
> >> java version "1.7.0_21" Java(TM) SE Runtime Environment (build
> >> 1.7.0_21-b11) Java HotSpot(TM) 64-Bit Server VM (build
> >> 23.21-b01, mixed mode)
> >
> > That version of Java is also nearly 3 years old. Latest 1.7 build
> > is 1.7.0_80 release nearly 3 years ago. Note that Java 7 is no
> > longer supported unless you have a long-term support contract with
> > Oracle, in which case the latest version is 1.7.0_131, released
> > earlier this month.
> >
> >> OS used
> >
> >
> >> Red Hat Enterprise Linux Server release 6.3 (Santiago)
> >
> > Ouch! 5 years old!
> >
> >> # # A fatal error has been detected by the Java Runtime
> >> Environment: # #  SIGSEGV (0xb) at pc=0x00007fed24ecfe9e,
> >> pid=21352, tid=140656275650304 # # JRE version: 7.0_21-b11 #
> >> Java VM: Java HotSpot(TM) 64-Bit Server VM (23.21-b01 mixed mode
> >> linux-amd64 compressed oops) # Problematic frame: # J
> >> org.apache.http.impl.cookie.BestMatchSpec.formatCookies(Ljava/util/Li
> s
> >
> >>
> t;)Ljava/util/List;
> >
> >
> > #
> >> # Failed to write core dump. Core dumps have been disabled. To
> >> enable core dumping, try "ulimit -c unlimited" before starting
> >> Java again # # If you would like to submit a bug report, please
> >> visit: # http://bugreport.sun.com/bugreport/crash.jsp #
> >
> > This is either a JVM bug is a hardware error. Given that the OS if
> > 5 years old, I'm guessing the hardware is at least that old. I'd
> > expect 5-year old hardware to be fairly trustworthy, but it may not
> > have been properly-tested before going into production.
> >
> > If it's all on a single piece of hardware (all 4 Tomcats), I'd
> > blame the hardware and look for a speedy replacement
> > (properly-tested this time). If it was on different machines, I'd
> > suspect a JVM bug.
> >
> > -chris
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> > ::DISCLAIMER::
> > ______________________________________________________________________
> __________________________________________
> >
> >
> Confidentiality Notice from Dixons Carphone plc (registered in England &
> Wales No.07105905) of 1 Portal Way, London, W3 6RS ("Dixons Carphone").
> The information contained in this e-mail and any attachments may be
> legally privileged, proprietary and/or confidential. If you received
> this e-mail in error, please notify the sender by return, permanently
> delete the e-mail and destroy all hard copies immediately. No warranty
> is made as to the completeness or accuracy of the information contained
> in this e-mail. Opinions, conclusions and statements of intent in this
> e-mail are those of the sender and will not bind any Dixons Carphone
> group company (Dixons Carphone Group) unless confirmed by an authorised
> representative independently of this e-mail. We do not accept
> responsibility for viruses; you must scan for these. E-mails sent to and
> from Dixons Carphone Group are routinely monitored for record keeping,
> quality control, training purposes, to ensure regulatory compliance and
> to prevent viruses and unauthorised use of our computer systems. The
> Carphone Warehouse Limited (registered in England & Wales No.02142673)
> is a member of the Dixons Carphone Group and is authorised and regulated
> by the Financial Conduct Authority.
> > ______________________________________________________________________
> __________________________________________
> >
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYimbOAAoJEBzwKT+lPKRYm3EQAL8Vgr7j8o1IPWtFX9U2v3Ce
> lXgf6b3mLP+DheBMKKidhSArQGzTa0GmYxwQ0NL4Cx0UYrrlXOsVOJWtzpRZpDKh
> Cj0MR9L3pc/2tSiKDCr4f+gxnIfRKrHCJPjU993EQO3WbsqebD85oWEESjJBskVB
> tTzbVQTHSvJYbO7rWigH1gTUPM18AqdgqwW2msnvTeUMZ142OIuvt7FzSLI9sW8E
> hdQLRyi1u9X4kZUO6Ob+q6cbEt81TLE7goJCNZ7B+PJoxRFN7H4TPlPaYIX9sw20
> oOCvySK8dH1BQJ+ufOX+lr8pDpu7vg/PmPCfFcTP705HJioc5G4yI61TIALMq2Qe
> a4FImNYbwm07SKQbTSj16PZZ7mKQZqs4UcqdrwJ5qazZXqhTpwgF/qfeu8c1d8d3
> BuwTkLJa6BM5n5VU37rCucOE4twM/9nFTnAgdB4kbfHxa6pZzXF9sFvTmPvCLBci
> CS/sOcEGbsg1kkHi1iDVFOnhafbG9hGg/alJsnWNJc7XdGXwiL/0Dk64/5HKqAs6
> LT/4AYhG/+bwsuEbIKP2zOt2d9fl7NkaI8LJLLgVoAx/JFcLa3+5K4SoM3xycM/Y
> aq6TEsMM/IsKoApTkTBWzUEK0lCNPC7MzzBdQQ3bZqmm5VYb2zwCU9TgPi6GnxMx
> 66GWAL1NlOVQuffsl8D/
> =Wkrw
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message