2 Replies Latest reply on Mar 17, 2003 2:43 PM by Sacha Labourey

    Denial of Service in Tomcat Cookie handling

    Dennis Cartier Newbie

      Hi Guys,

      I have run across a situation a couple of times now that results in the operation of my cluster being severely impacted. When a bad cookie comes into 1 of the nodes, it crashes the coyote connector like so:

      java.lang.IllegalArgumentException: Cookie name 7~?at1 is a reserved token
      at javax.servlet.http.Cookie.<init>(Cookie.java:185)
      at org.apache.coyote.tomcat4.CoyoteAdapter.parseCookies(CoyoteAdapter.java:402)
      at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:306)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
      at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
      at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
      at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:632)
      at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:590)
      at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:707)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
      at java.lang.Thread.run(Thread.java:536)

      Then the request is moved to another node and crashes it, and so on, and so on. The request just keeps circling, killing all the coyotes it encounters.

      The only way I have found to deal with this is to restart all the nodes of the cluster when this occurs. I am not sure how this can be prevented. The requests seem to circle forever, and never seem to die.


      Cluster running:
      - JBoss 3.0.6
      - Tomcat 4.1.18
      - mod_jk 1.2.2

      I asked the Tomcat-User list this same question a month ago, but got zero replies. Does anyone here have an idea?
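Added example (not from the post or from Tomcat's source): a small triage helper that scans a raw Cookie header and reports which cookie names would trip the servlet API's reserved-token check, so an offending request can be spotted in access logs or at the front-end proxy before it reaches the connector. It assumes the check is the RFC 2109 token rule (printable ASCII, no tspecials) plus the reserved attribute names and a leading `$`; that is a reconstruction, not Tomcat's code.

```python
# Characters treated as token separators (RFC 2109 tspecials).
# Reconstructed for this example; assumed to match the servlet API's list.
TSPECIALS = set('()<>@,;:\\"/[]?={} \t')

# Attribute names the Cookie constructor refuses to accept as a cookie name
# (assumed set, case-insensitive).
RESERVED_NAMES = {"comment", "discard", "domain", "expires",
                  "max-age", "path", "secure", "version"}


def is_token(value: str) -> bool:
    """True if every character is printable ASCII and not a tspecial."""
    return all(0x20 <= ord(c) < 0x7F and c not in TSPECIALS for c in value)


def is_rejected_name(name: str) -> bool:
    """Mirror the reserved-token check: not a token, a reserved attribute
    name, or a '$'-prefixed name. Any of these raises IllegalArgumentException
    in the Cookie constructor."""
    return (not is_token(name)
            or name.lower() in RESERVED_NAMES
            or name.startswith("$"))


def find_rejected_cookie_names(cookie_header: str) -> list:
    """Return the cookie names in a raw Cookie header value that the
    container would reject when it builds Cookie objects for the request."""
    rejected = []
    for pair in cookie_header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        # A pair without '=' is treated as a bare name, as a lenient parser would.
        name = pair.split("=", 1)[0].strip()
        if is_rejected_name(name):
            rejected.append(name)
    return rejected


if __name__ == "__main__":
    # Constructed sample header carrying the name from the stack trace above.
    sample = "JSESSIONID=abc123; 7~?at1=junk; lang=en"
    print(find_rejected_cookie_names(sample))  # → ['7~?at1']
```

The `?` in `7~?at1` is the tspecial that makes the name a reserved token; `7~at1` on its own would be accepted, which is why the failure depends on the exact bytes the client sends.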