Marvin.Lillehaug at kantega
Aug 7, 2013, 3:23 AM
Post #1 of 1
(22 views)
Permalink
|
|
Responses of two different requests concatinated
|
|
Hi!
We recently got an error report from a user of one of the systems we have developed, showing that the response from a different request had been appended to the original response.
The original response was the front page of a site, generated with jsp, and the appended response was a excel file generated a few seconds earlier.
Our current hypothesis is that some buffer in either httpd(2.2.22) or Tomcat (7.0.35) has been recycled.
Httpd is connected to Tomcat using http proxypass.
I have started trying to reproduce the problem, but thought I should try the mailing lists of both httpd and tomcat before continuing.
What I have done thus far is: concatenating html and excel to verify that it is possible to open and looks the way the user experienced; building a custom version of Tomcat that uses the same Processor for each request and configured to use only one thread.
This seems a bit similar to the issue described in http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.12 (CVE-2011-1475)
Some results when googleling suggests that this could happen when jsp tags are not coded properly, but I have not found any such code in our applications.
Does anyone have any ideas or suggestions?
Thanks and regards,
Marvin B. Lillehaug
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd
|
