[ICE-3043] dispatcher forwarding loop - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7
Fix Version/s: 1.7.1
Component/s: Framework
Labels:
None
Environment:
ICEfaces

Description

Fetching the URL

http://localhost:8080/auctionMonitor/auctionMonitor.jspx

causes extremely hight CPU consumption, possibly until the maximum stack depth is reached.

This could be used as a denial of service attack. Other DOS attacks on ICEfaces are possible, but this one is particularly inexpensive for the attacker because a single HTTP request causes significant CPU load.

Activity

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#16643	Wed May 14 15:24:05 MDT 2008	mircea.toma	Stop overridding the JSP compiler for *.jspx pages because Sun RI's ViewHandler relies on the JSP compiler to execute them. ~~ICE-3043~~
				Files Changed
				MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/tutorial/dragdrop2/web/WEB-INF/web.xml MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/tutorial/basicInputText/web/WEB-INF/web.xml MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/auctionMonitor/config/web.sunri.icefaces.ce.xml MODIFY /icefaces/branches/icefaces-1.7/icefaces/core/src/com/icesoft/faces/application/ProductInfo.java MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/tutorial/dragdrop1/web/WEB-INF/web.xml MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/tutorial/effects1/web/WEB-INF/web.xml MODIFY /icefaces/branches/icefaces-1.7/icefaces/samples/tutorial/effects2/web/WEB-INF/web.xml

People

Assignee:

Unassigned

Reporter:

Ted Goddard

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

01/May/08 4:11 PM

Updated:

07/Jul/08 12:40 PM

Resolved:

14/May/08 4:26 PM