On 07/08/2013 12:23, Marvin Lillehaug wrote:
> Hi!
> We recently got an error report from a user of one of the systems we have
> developed, showing that the response from a different request had been
> appended to the original response.
> The original response was the front page of a site, generated with jsp, and
> the appended response was an Excel file generated a few seconds earlier.
> Our current hypothesis is that some buffer in either httpd (2.2.22) or Tomcat
> (7.0.35) has been recycled.
> Httpd is connected to Tomcat using http proxypass.
>
> I have started trying to reproduce the problem, but thought I should try the
> mailing lists of both httpd and tomcat before continuing.
> What I have done thus far is: concatenating html and excel to verify that it
> is possible to open and looks the way the user experienced; building a custom
> version of Tomcat that uses the same Processor for each request and
> configured to use only one thread.
>
> This seems a bit similar to the issue described in
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.12
> (CVE-2011-1475)
> Some results when googling suggest that this could happen when jsp tags
> are not coded properly, but I have not found any such code in our
> applications.
>
> Does anyone have any ideas or suggestions?

In order of likelihood:
- app bug
- Tomcat bug
- httpd bug

I'd look for code that retains a reference to the request and/or response
object or maybe an OutputStream. The usual cause of this type of issue is
retaining a reference across requests and re-using the object from the old
request rather than the current one.

Did the appended response include HTTP headers? If yes, this could just be
the result of pipe-lining.

Mark
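
Added example (not part of the original thread, and not code from the poster's application): the retained-reference pattern named in the reply above, shown beside a corrected form. The servlet class names and the `renderReport` helper are hypothetical; the `javax.servlet` API is the one Tomcat 7 provides.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlets for illustration only.

/** BROKEN: a response-derived object is kept in an instance field. */
class LeakyReportServlet extends HttpServlet {
    // The container uses one servlet instance for all requests, so this
    // field is shared by every request thread and outlives the request
    // that assigned it.
    private PrintWriter out;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        out = resp.getWriter();   // request A stores its writer
        renderReport();           // request B may have replaced 'out' by now
    }

    private void renderReport() {
        // Writes to whichever response assigned 'out' last. If that request
        // has already completed, the write goes to a stale object that the
        // container may have reused for a later, unrelated request.
        out.println("report body");
    }
}

/** FIXED: request-scoped objects are locals passed as arguments. */
class SafeReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();  // lives only for this call
        renderReport(out);
    }

    private void renderReport(PrintWriter out) {
        out.println("report body");
    }
}
```

When auditing for this, the same check applies to static fields, caches, and custom JSP tag handlers: any field typed as a request, response, `Writer` or `OutputStream` is a candidate.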