[Bug 62981] New: NPE+DoS Deadlock in CharChunk.java:256

[Bug 62981] New: NPE+DoS Deadlock in CharChunk.java:256

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981

            Bug ID: 62981
           Summary: NPE+DoS Deadlock in CharChunk.java:256
           Product: Tomcat 8
           Version: 8.5.30
          Hardware: PC
            Status: NEW
          Severity: major
          Priority: P2
         Component: Util
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ----

Received this message in the logs:

05-Dec-2018 17:28:37.075 FINE [ajp-nio-8009-exec-8] com.sotacms.server.cms.extra.seo.DefaultSEOTranslationContributor.fastMayBot Agent requests language: null
05-Dec-2018 17:56:54.121 SEVERE [https-jsse-nio-443-exec-10] org.apache.coyote.http11.Http11Processor.service Error processing request
 java.lang.NullPointerException
        at org.apache.tomcat.util.buf.CharChunk.append(CharChunk.java:256)
        at org.apache.catalina.mapper.Mapper.map(Mapper.java:694)
        at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:679)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

05-Dec-2018 19:08:05.648 FINER [https-jsse-nio-443-exec-2] com.sotacms.server.cms.extra.seo.DefaultSEOTranslationContributor.fastMayBot Agent is Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Resulting in a deadlock causing a DoS. Service must be restarted. Seems not to
be a DoS attack.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

[Bug 62981] NPE+DoS Deadlock in CharChunk.java:256

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981

Remy Maucherat <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Remy Maucherat <[hidden email]> ---
The NPE is because there is no default host configured. The rest cannot be
investigated and is not Tomcat code. Potential security issues in Tomcat MUST
be reported using the security and not a public BZ.

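
The condition named in comment #1, as an added example that is not part of the thread or of Tomcat's own code: a check that every Engine in a server.xml has a defaultHost matching the name of one of its nested Host elements. The sample XML is constructed, and check_default_hosts is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Engine names a defaultHost that no Host defines.
BROKEN_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="www.example.org" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

# Same constructed file with defaultHost pointing at the Host that exists.
FIXED_SERVER_XML = BROKEN_SERVER_XML.replace(
    'defaultHost="localhost"', 'defaultHost="www.example.org"')


def check_default_hosts(server_xml):
    """Return one finding per Engine whose defaultHost cannot be resolved."""
    findings = []
    root = ET.fromstring(server_xml)
    for service in root.iter("Service"):
        for engine in service.iter("Engine"):
            label = "%s/%s" % (service.get("name"), engine.get("name"))
            # Only Host elements nested directly inside the Engine count.
            # Assumption: names are compared case-insensitively.
            hosts = {(h.get("name") or "").strip().lower()
                     for h in engine.findall("Host")}
            hosts.discard("")
            default = (engine.get("defaultHost") or "").strip().lower()
            if not default:
                findings.append(label + ": defaultHost missing or empty")
            elif default not in hosts:
                findings.append(
                    "%s: defaultHost '%s' matches no Host name (defined: %s)"
                    % (label, default, ", ".join(sorted(hosts)) or "none"))
    return findings


if __name__ == "__main__":
    for name, doc in (("broken", BROKEN_SERVER_XML),
                      ("fixed", FIXED_SERVER_XML)):
        print(name, check_default_hosts(doc) or "OK")
```
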

[Bug 62981] NPE+DoS Deadlock in CharChunk.java:256

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=62981

--- Comment #2 from Peter Rader <[hidden email]> ---
Confirmed! Thank you for your attention.
