Hi.
An earlier message to this list [[SECURITY] CVE-2011-1475 Apache Tomcat information
disclosure] /may/ have something to do with this.
(It talks only about the HTTP connector, but also about content mixup with async requests,
so maybe there is a link)
Chris Dumoulin wrote:
I'm seeing an intermittent problem with my webapp where a request is sent and
the response contains 8184 bytes from some other response followed by the
correct response.
The setup being used is Nginx 0.8.54 reverse proxying to Tomcat 7.0.11. AJP is
the protocol between Nginx and Tomcat.
The webapp in Tomcat is doing Servlet 3.0 async requests.
This issue is extremely difficult to reproduce and at this point I'm not sure
if the problem is in the webapp, Tomcat, or Nginx.
I know that 8184 bytes is the size of an AJP packet, and in Tomcat's
org.apache.catalina.connector.Response, I see the following code:
if("AJP/1.3".equals(connector.getProtocol())) {
// default size to size of one ajp-packet
outputBuffer = new OutputBuffer(8184);
}
So, right now I'm following the theory that something is being reused in Tomcat
without having been properly completed or recycled. Obviously it's most likely
that this is an application bug.
Does anyone have any ideas about what kind of problem in the application could
cause this behaviour, or other ideas about what the cause might be?
Thanks,
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
