[Bug 55930] New: the backlog attribute of http bio connector does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=55930 Bug ID: 55930 Summary: the backlog attribute of http bio connector does not work Product: Tomcat 7 Version: 7.0.47 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: chain...@gmail.com Created attachment 31153 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31153&action=edit in war file ,the servlet named indextest will sleep 60s Hi, I find a bug of http bio connector,you will find it in flowing steps: 1.set tomcat connector like this: 2. deploy attach war file:test.war 3. use LR or JMeter send 3 requests: http://localhost:8080/test/indextest 4. use command jstack print current thread stack NOTE: now the main thread stack like this: "main" prio=6 tid=0x002aac00 nid=0x2e08 runnable [0x0025f000] java.lang.Thread.State: RUNNABLE at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:408) - locked <0x242cbaa8> (a java.net.SocksSocketImpl) at java.net.ServerSocket.implAccept(ServerSocket.java:462) at java.net.ServerSocket.accept(ServerSocket.java:430) at org.apache.catalina.core.StandardServer.await(StandardServer.java:452) at org.apache.catalina.startup.Catalina.await(Catalina.java:779) at org.apache.catalina.startup.Catalina.start(Catalina.java:725) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456) It state is RUNNABLE, not like xxxPark, it's not waiting for condition. In another words, the main thread should not entering the ServerSoccket.accept() method when the backlog works. It must reject the request. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55931] New: Security: Tomcat7 opens 2 additional random ports that listen for all IPs when JMX is enabled
https://issues.apache.org/bugzilla/show_bug.cgi?id=55931
Bug ID: 55931
Summary: Security: Tomcat7 opens 2 additional random ports that
listen for all IPs when JMX is enabled
Product: Tomcat 7
Version: 7.0.47
Hardware: Other
OS: other
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: michael_fur...@hotmail.com
I run 7.0.47 using Java 1.7.0_45-b18 on Centos6.
I enabled JMX using the following options:
CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9123
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=true"
Unfortunately, when I check what ports are opened I discover 2 additional
random ports:
netstat -plunt | grep java
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp0 0 :::60555:::*
LISTEN 22752/java
tcp0 0 :::127.0.0.1:8080 :::*
LISTEN 22752/java
tcp0 0 :::9123 :::*
LISTEN 22752/java
tcp0 0 :::40867:::*
LISTEN 22752/java
Please note that each restart only configured ports 8080 and 9123 remains same,
and two additional ports change values.
It is security problem, since Tomcat listen for all IPs.
Why JMX in Tomcat opens 2 additional ports?
How can I configure these ports?
How can I configure `:::127.0.0.1` will appear before all ports opened by
JMX?
I have configured JmxRemoteLifecycleListener
http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#JMX_Remote_Lifecycle_Listener_-_org.apache.catalina.mbeans.JmxRemoteLifecycleListener
Using the following configuration:
In this case only one random port (60714 in the list below) appears:
tcp 0 0 :::127.0.0.1:8080 :::*
tcp 0 0 :::127.0.0.1:10002 :::*
tcp 0 0 :::127.0.0.1:9123 :::*
tcp 0 0 :::60714 :::*
Why JMX in Tomcat opens 1 additional port?
How can I configure the port?
How can I configure `:::127.0.0.1` will appear before all ports opened by
JMX?
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1553387 - /tomcat/trunk/webapps/docs/changelog.xml
Author: jboynes Date: Wed Dec 25 14:52:10 2013 New Revision: 1553387 URL: http://svn.apache.org/r1553387 Log: fix typo Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1553387&r1=1553386&r2=1553387&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Dec 25 14:52:10 2013 @@ -192,7 +192,7 @@ removed. (jboynes) -Chnage ordering of elements of JMX objects names so components are +Change ordering of elements of JMX objects names so components are grouped more logically in JConsole. Generally, components are now grouped by Host and then by Context. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55931] Security: Tomcat7 opens 2 additional random ports that listen for all IPs when JMX is enabled
https://issues.apache.org/bugzilla/show_bug.cgi?id=55931 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Mark Thomas --- That is how JMX works. It is controlled by the JVM, not Tomcat. If you want greater control of those ports, use the JMXLifecylceListener in JMXREmote.jar from the extras package. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55930] the backlog attribute of http bio connector does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=55930 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID OS||All --- Comment #1 from Mark Thomas --- That thread has nothing to do with request handling. If you require further explanations, please use the users mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1553414 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/proxy-howto.xml
Author: kkolinko Date: Wed Dec 25 20:28:34 2013 New Revision: 1553414 URL: http://svn.apache.org/r1553414 Log: CTR: documentation Merged r1526470 from tomcat/tc7.0.x/trunk: Fix broken link to HTTP connector in the Proxy HowTo, as reported on the users list. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/webapps/docs/proxy-howto.xml Propchange: tomcat/tc6.0.x/trunk/ -- Merged /tomcat/trunk:r1526469 Merged /tomcat/tc7.0.x/trunk:r1526470 Modified: tomcat/tc6.0.x/trunk/webapps/docs/proxy-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/proxy-howto.xml?rev=1553414&r1=1553413&r2=1553414&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/proxy-howto.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/proxy-howto.xml Wed Dec 25 20:28:34 2013 @@ -38,7 +38,7 @@ Using standard configurations of Tomcat, web applications can ask for the server name and port number to which the request was directed for processing. When Tomcat is running standalone with the -Coyote HTTP/1.1 Connector, it will generally +HTTP/1.1 Connector, it will generally report the server name specified in the request, and the port number on which the Connector is listening. The servlet API calls of interest, for this purpose, are: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1553415 - in /tomcat/site/trunk: docs/security-4.html docs/security-5.html docs/security-6.html xdocs/security-4.xml xdocs/security-5.xml xdocs/security-6.xml
Author: kkolinko Date: Wed Dec 25 20:55:43 2013 New Revision: 1553415 URL: http://svn.apache.org/r1553415 Log: Correct one more typo noted when reviewing r1520260 Modified: tomcat/site/trunk/docs/security-4.html tomcat/site/trunk/docs/security-5.html tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/xdocs/security-4.xml tomcat/site/trunk/xdocs/security-5.xml tomcat/site/trunk/xdocs/security-6.xml Modified: tomcat/site/trunk/docs/security-4.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-4.html?rev=1553415&r1=1553414&r2=1553415&view=diff == --- tomcat/site/trunk/docs/security-4.html (original) +++ tomcat/site/trunk/docs/security-4.html Wed Dec 25 20:55:43 2013 @@ -623,7 +623,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/docs/security-5.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1553415&r1=1553414&r2=1553415&view=diff == --- tomcat/site/trunk/docs/security-5.html (original) +++ tomcat/site/trunk/docs/security-5.html Wed Dec 25 20:55:43 2013 @@ -1240,7 +1240,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1553415&r1=1553414&r2=1553415&view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Wed Dec 25 20:55:43 2013 @@ -1507,7 +1507,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/xdocs/security-4.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-4.xml?rev=1553415&r1=1553414&r2=1553415&view=diff == --- tomcat/site/trunk/xdocs/security-4.xml (original) +++ tomcat/site/trunk/xdocs/security-4.xml Wed Dec 25 20:55:43 2013 @@ -272,7 +272,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain senstive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers. Modified: tomcat/site/trunk/xdocs/security-5.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1553415&r1=1553414&r2=1553415&view=diff == --- tomcat/site/trunk/xdocs/security-5.xml (original) +++ tomcat/site/trunk/xdocs/security-5.xml Wed Dec 25 20:55:43 2013 @@ -699,7 +699,7 @@ process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which - content-length leader to use an attacker can poison a web-cache, perform + content-length header to use an attacker can poison a web-cache, perform an XSS attack and o
[Bug 55933] New: tomcat hangs when try to request wsdl defination from jax-ws
https://issues.apache.org/bugzilla/show_bug.cgi?id=55933 Bug ID: 55933 Summary: tomcat hangs when try to request wsdl defination from jax-ws Product: Tomcat 8 Version: trunk Hardware: PC Status: NEW Severity: major Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: szczerb...@126.com Tomcat cannot return from read(), and web service cannot return from write(). My web service is listening port 8440. When I tried to find out what's in the tcp/ip package by setting up a port mapping(Tomcat try to connect port 8640 instead, and a simple application transmit all packages from 8640 to 8440), the problem is gone! Also there is no such problem when I try to read wsdl from web broswer or install the web page project into web sphere. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
