[Helma-user] Obscure Error Messages in helma.server.log
Hannes Wallnoefer
hannes at helma.at
Mon Jan 28 10:48:28 CET 2008
Hi Tobi,
from what you say it may well have been a DOS attack, but the log
entries do not really give a clear indication.
The Illegal cookie thing obviously tries to use a tomcat ajp13
connector exploit:
http://issues.apache.org/bugzilla/show_bug.cgi?id=10383
I think the fact that jetty logs an error message tells us that it's
not vulnerable.
The second thing is an error that helma currently throws when there
are two cookies with the same name. This isn't that uncommon as
cookies can come with different domains and path names, so I should
look into this, i.e. it's actually a helma bug that the user gets an
error page.
Finally, the EOFException in writeResponse() just tells us that the
client has closed the connection while we were still writing to it,
i.e. not a big issue at all.
hannes
2008/1/26, tobias.schaefer at orf.at <tobias.schaefer at orf.at>:
>
>
>
> Hello on this beautiful Saturday evening
>
> Today I had to restart the Helma installation of antville.org for the
> second time already
>
> The first it time was not even possible before a very reboot of the
> machine: everytime I restarted Helma, I got a 404 from Jetty telling me the
> worker path mapped for mod_jk2 would not exist... Of course I also tried to
> restart Apache and even MySQL as well in any sequence you can imagine. Same
> error.
>
> In the helma.server.log file some pretty obscure messages do appear; could
> these be related to the troubles?
> http://tobi.antville.org/static/tobi/files/helma.server
>
> Ciao,
> tobi
>
>
> _______________________________________________
> Helma-user mailing list
> Helma-user at helma.org
> http://helma.org/mailman/listinfo/helma-user
>
>
More information about the Helma-user
mailing list