[ICE-3043] dispatcher forwarding loop - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7
Fix Version/s: 1.7.1
Component/s: Framework
Labels:
None
Environment:
ICEfaces

Description

Fetching the URL

http://localhost:8080/auctionMonitor/auctionMonitor.jspx

causes extremely hight CPU consumption, possibly until the maximum stack depth is reached.

This could be used as a denial of service attack. Other DOS attacks on ICEfaces are possible, but this one is particularly inexpensive for the attacker because a single HTTP request causes significant CPU load.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Mircea Toma added a comment - 06/May/08 12:11 PM

It looks like D2DViewHandler will delegate *.jspx pages to Sun RI handler which triggers a forward to the same page, thus going into an infinite loop.

Show

Mircea Toma added a comment - 06/May/08 12:11 PM It looks like D2DViewHandler will delegate *.jspx pages to Sun RI handler which triggers a forward to the same page, thus going into an infinite loop.

Hide

Permalink

Mircea Toma added a comment - 14/May/08 4:26 PM

Stop overridding the JSP compiler for *.jspx pages because Sun RI's ViewHandler relies on the JSP compiler to execute them.

Commit #16642 for the trunk.

Show

Mircea Toma added a comment - 14/May/08 4:26 PM Stop overridding the JSP compiler for *.jspx pages because Sun RI's ViewHandler relies on the JSP compiler to execute them. Commit #16642 for the trunk.

People

Assignee:

Unassigned

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

01/May/08 4:11 PM

Updated:

07/Jul/08 12:40 PM

Resolved:

14/May/08 4:26 PM