https://bz.apache.org/bugzilla/show_bug.cgi?id=66170

            Bug ID: 66170
           Summary: change IllegalArgumentException log output
           Product: Tomcat 9
           Version: 9.0.64
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: apa...@resellerdesktop.de
  Target Milestone: -----

ATM we get this output in the logs when a hacker tries to scan for
vulnerabilities:

Juli 19, 2022 11:45:22 VORM. org.apache.coyote.http11.Http11Processor service
INFORMATION: Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at
DEBUG level.
java.lang.IllegalArgumentException: Ungültiges Zeichen im Methodennamen
[ep.zyxel80;rm+-rf+arm7%3b%23&remoteSubmit=Save0x0d0x0a0x0d0x0a...] gefunden.
HTTP Methodennamen müssen Token sein
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:829)


This is as helpful as a rotten tomato, because:

a) Nobody cares about this stack trace; the error message is important.

b) The offending IP is not logged, so you can't defend the server against that
attacker.
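As an added example (not part of this bug report and not Tomcat's own code), a small defender-side check over a constructed log record of the shape shown above: it pulls the rejected method name out of the IllegalArgumentException line, lists which of its characters fall outside the RFC 7230 token grammar (note that '&' and '%' are legal token characters, so the rejection comes from ';' and '='), and flags the "further occurrences ... DEBUG" note, which means an INFO-level log undercounts such probes on top of carrying no client address. The sample record and the method name in it are constructed, not captured.

```python
import re

# RFC 7230 "tchar": the only characters permitted in an HTTP method name.
TCHAR_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]")

def non_token_chars(method: str) -> list:
    """Characters that make `method` an invalid HTTP token (empty list = valid token)."""
    return sorted({c for c in method if not TCHAR_RE.fullmatch(c)})

# Tomcat's message (German in the report, English under a default locale) wraps the
# rejected method name in square brackets; the text after the last ']' is fixed.
METHOD_RE = re.compile(r"java\.lang\.IllegalArgumentException: .*\[(.*)\]")
DOWNGRADE_NOTE = "further occurrences of HTTP request parsing errors will be logged at"

def parse_tomcat_log(text: str) -> dict:
    """Collect rejected method names from a catalina log and flag the DEBUG downgrade."""
    events = []
    downgraded = False
    for line in text.splitlines():
        if DOWNGRADE_NOTE in line:
            # After this note Tomcat stops logging these at INFO: later probes are invisible
            # unless the logger's level is lowered, so counts from INFO logs are a floor.
            downgraded = True
        m = METHOD_RE.search(line)
        if m:
            method = m.group(1)
            events.append({"method": method, "bad_chars": non_token_chars(method)})
    return {"events": events, "only_first_logged": downgraded}

# Constructed sample in the shape of the record quoted in the report (not a real capture).
SAMPLE_LOG = """\
Juli 19, 2022 11:45:22 VORM. org.apache.coyote.http11.Http11Processor service
INFORMATION: Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Ungültiges Zeichen im Methodennamen [ep.test;a=1&b=2] gefunden. HTTP Methodennamen müssen Token sein
\tat org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
"""

if __name__ == "__main__":
    print(parse_tomcat_log(SAMPLE_LOG))
```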
