Re: Problem with merged responses - possibly a reused Response or OutputBuffer

Wed, 13 Apr 2011 04:32:19 -0700 

Actually, I saw that notice and tried Tomcat 7.0.12, but saw the same 
behaviour. I should have mentioned that before.
So, I think this is a different issue.

- Chris

On April 13, 2011 07:27:51 am André Warnier wrote:
> Hi.
> 
> An earlier message to this list [[SECURITY] CVE-2011-1475 Apache Tomcat 
> information 
> disclosure] /may/ have something to do with this.
> (It talks only about the HTTP connector, but also about content mixup with 
> async requests, 
> so maybe there is a link)
> 
> Chris Dumoulin wrote:
> > I'm seeing an intermittent problem with my webapp where a request is sent 
> > and the response contains 8184 bytes from some other response followed by 
> > the correct response.
> > 
> > The setup being used is Nginx 0.8.54 reverse proxying to Tomcat 7.0.11.  
> > AJP is the protocol between Nginx and Tomcat.
> > The webapp in Tomcat is doing Servlet 3.0 async requests.
> > 
> > This issue is extremely difficult to reproduce and at this point I'm not 
> > sure if the problem is in the webapp, Tomcat, or Nginx.
> > I know that 8184 bytes is the size of an AJP packet, and in Tomcat's 
> > org.apache.catalina.connector.Response, I see the following code:
> > 
> >         if("AJP/1.3".equals(connector.getProtocol())) {
> >             // default size to size of one ajp-packet
> >             outputBuffer = new OutputBuffer(8184);
> >         }
> > 
> > So, right now I'm following the theory that something is being reused in 
> > Tomcat without having been properly completed or recycled. Obviously it's 
> > most likely that this is an application bug.
> > 
> > Does anyone have any ideas about what kind of problem in the application 
> > could cause this behaviour, or other ideas about what the cause might be?
> > 
> > Thanks,
> > Chris
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to