[Helma-user] Obscure Error Messages in helma.server.log

Hannes Wallnoefer hannes at helma.at
Mon Jan 28 11:21:51 CET 2008


2008/1/28, tobias.schaefer at orf.at <tobias.schaefer at orf.at>:
> Thanks Hannes for the explanations of the error messages.
>
> Maybe it was just one of those so-called coïncidences. At least, there was no restarting or rebooting necessary in the meantime.
> (Fingers remain crossed.)

I just tried sending the request with the invalid cookie to
apache2/mod_jk/helma, but didn't see any problems. Of course it may
well depend on the version of apache/mod_jk/jetty, so you can't be
100% sure.

hannes

> Ciao,
> tobi
>
>
> -----Original Message-----
> From: helma-user-bounces at helma.org on behalf of Hannes Wallnoefer
> Sent: Mon 28-Jan-08 10:48
> To: Helma User Mailing List
> Subject: Re: [Helma-user] Obscure Error Messages in helma.server.log
>
> Hi Tobi,
>
> from what you say it may well have been a DOS attack, but the log
> entries do not really give a clear indication.
>
> The Illegal cookie thing obviously tries to use a tomcat ajp13
> connector exploit:
> http://issues.apache.org/bugzilla/show_bug.cgi?id=10383
> I think the fact that jetty logs an error message tells us that it's
> not vulnerable.
>
> The second thing is an error that helma currently throws when there
> are two cookies with the same name. This isn't that uncommon as
> cookies can come with different domains and path names, so I should
> look into this, i.e. it's actually a helma bug that the user gets an
> error page.
>
> Finally, the EOFException in writeResponse() just tells us that the
> client has closed the connection while we were still writing to it,
> i.e. not a big issue at all.
>
> hannes
>
>
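
Added example (not part of the original thread and not Helma's code): a request-cookie parser that tolerates the duplicate-name case described in the quoted message, collecting every value instead of failing the request. The function names and the sample header are constructed for illustration, and first-occurrence-wins is an assumed policy.

```javascript
// Tolerant Cookie request-header parsing (hypothetical helper names).
// Duplicate names are collected in order; malformed pairs are set aside.
function parseCookieHeader(header) {
  const cookies = new Map();   // name -> array of values, in header order
  const rejected = [];         // malformed pairs, kept so they can be logged
  if (typeof header !== "string" || header.length === 0) {
    return { cookies, rejected };
  }
  for (const part of header.split(";")) {
    const pair = part.trim();
    if (pair === "") continue;               // stray ";" separators
    const eq = pair.indexOf("=");
    if (eq <= 0) {                           // no "=" at all, or empty name
      rejected.push(pair);
      continue;
    }
    const name = pair.slice(0, eq).trim();
    let value = pair.slice(eq + 1).trim();
    // Strip one pair of surrounding double quotes if present.
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    if (!cookies.has(name)) cookies.set(name, []);
    cookies.get(name).push(value);
  }
  return { cookies, rejected };
}

// Pick one value for code that expects a single cookie per name.
// Assumed policy: first occurrence wins (RFC 6265 user agents list
// cookies with longer paths before cookies with shorter paths).
function cookieValue(parsed, name) {
  const values = parsed.cookies.get(name);
  return values === undefined ? null : values[0];
}

// Names that arrived more than once, for logging rather than an error page.
function duplicateNames(parsed) {
  return [...parsed.cookies].filter(([, v]) => v.length > 1).map(([n]) => n);
}

// Constructed sample: "sid" set twice (e.g. for two paths), plus two bad pairs.
const sample = 'sid=abc123; theme="dark"; sid=def456; =oops; junk';
const parsed = parseCookieHeader(sample);
console.log(cookieValue(parsed, "sid"), duplicateNames(parsed), parsed.rejected);
```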

