
Fix CVE tomcat 6.0.18 without upgrade

Wed, 08 May 2013 10:38:35 -0700

Then upgrade, but keep it within the Tomcat 6.0.x versions.  Going up to
6.0.37 should be perfectly safe.   Put up a test env and try it.

--David

Attacks in Apache servers

Thu, 02 May 2013 10:39:30 -0700

I think the vulnerability is limited to versions that support the options r and -f.  ;-)

-- Davi

Hello all,

One of my clients put several bugs in its Tomcat prod server, but I have just the following stack trace, and I have no idea where it may come from (unknown scenario, user action performed …)

Any idea?

2012-02-15 16:04:56,722 ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/Opera2].[jsp] - "Servlet.service()" pour la servlet jsp a lancé une exception
java.lang.NullPointerException
                at org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:535)
                at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:438)
                at org.apache.tomcat.util.buf.CharChunk.append(CharChunk.java:290)
                at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:456)
                at org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:143)
                at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:277)
                at java.io.PrintWriter.write(Unknown Source)
                at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:119)
                at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:326)
                at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:342)
                at org.apache.jsp.navigation.menubar.menubar_jsp._jspService(menubar_jsp.java:725)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
                at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:584)
                at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:497)
                at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:965)
                at org.apache.jsp.navigation.dashboard.dashboard_jsp._jspService(dashboard_jsp.java:182)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
                at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
                at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:399)
                at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
                at com.edeal.frontline.controller.ControllerServlet.forwardTo(ControllerServlet.java:326)
                at com.edeal.frontline.controller.ControllerServlet.processForward(ControllerServlet.java:615)
                at com.edeal.frontline.controller.ControllerServlet.processForward(ControllerServlet.java:588)
                at com.edeal.frontline.controller.ControllerServlet.processAction(ControllerServlet.java:311)
                at com.edeal.frontline.controller.ControllerServlet.perform(ControllerServlet.java:200)
                at com.edeal.frontline.controller.ControllerServlet.doGet(ControllerServlet.java:112)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
                at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
                at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
                at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:399)
                at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
                at org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:686)
                at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:656)
                at org.apache.jsp.index_jsp._jspService(index_jsp.java:45)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
                at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
                at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
                at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
                at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
                at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
                at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
                at java.lang.Thread.run(Unknown Source)

At first blush it appears menubar.jsp attempted something with a variable, but the variable was null.  I would recommend you track down what variable and how it ended up being null.  If it's valid to be null, the jsp should check it before trying to access it.

-- David
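
One way to triage a trace like the one posted in this thread, as an added example that is not from either poster: it reports the frame that threw, the first application frame below it, and the forward/include path the request took. The sample is a shortened, constructed copy of the posted trace; `parse_frames`, `triage` and the `CONTAINER_PREFIXES` list are assumptions made for this sketch.

```python
import re

# Constructed sample: a shortened copy of the trace posted above (frames elided).
SAMPLE_TRACE = """\
java.lang.NullPointerException
    at org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:535)
    at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:342)
    at org.apache.jsp.navigation.menubar.menubar_jsp._jspService(menubar_jsp.java:725)
    at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:497)
    at org.apache.jsp.navigation.dashboard.dashboard_jsp._jspService(dashboard_jsp.java:182)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    at com.edeal.frontline.controller.ControllerServlet.doGet(ControllerServlet.java:112)
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    at org.apache.jsp.index_jsp._jspService(index_jsp.java:45)
    at java.lang.Thread.run(Unknown Source)
"""

# "at <class>.<method>(<File.java>:<line>)" or "(Unknown Source)" for JDK frames.
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\((?:([\w$]+\.java):(\d+)|[^)]*)\)")

# Assumption: packages treated as container/JDK code rather than application code.
# Compiled JSPs live under org.apache.jsp.* and therefore count as application code.
CONTAINER_PREFIXES = ("org.apache.catalina.", "org.apache.jasper.", "org.apache.tomcat.",
                      "org.apache.jk.", "java.", "javax.")

def parse_frames(trace):
    """Return the stack frames in order, innermost (throwing) frame first."""
    frames = []
    for line in trace.splitlines():
        m = FRAME.match(line)
        if m:
            cls, method, src, lineno = m.groups()
            frames.append({"cls": cls, "method": method, "file": src,
                           "line": int(lineno) if lineno else None})
    return frames

def triage(trace):
    frames = parse_frames(trace)
    app = [f for f in frames if not f["cls"].startswith(CONTAINER_PREFIXES)]
    chain = []  # request path, outermost first: app classes joined by dispatcher hops
    for f in reversed(frames):
        if f["cls"].endswith("ApplicationDispatcher") and f["method"] in ("forward", "include"):
            chain.append(f["method"])
        elif f in app:
            chain.append(f["cls"].rsplit(".", 1)[-1])
    return {"thrown_in": frames[0], "first_app_frame": app[0] if app else None, "chain": chain}
```

On the sample, the throwing frame is `OutputBuffer.realWriteChars` (line 535) and the first application frame is `menubar_jsp.java:725`, reached via index_jsp, forward, ControllerServlet, forward, dashboard_jsp, include.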