My workplace is doing penetration testing on our Confluence site and the Confluence logs are filling up with these:
-------------------------- Parameters -------------------------- caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) 2014-01-27 17:26:47,882 ERROR [http-8080-58] [[Catalina].[localhost].[/confluence].[file-server]] log Servlet.service() for servlet file-server threw exception -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources | userName: anonymous | referer: http://confluence.example.com:80/confluence/ java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at java.lang.String.substring(String.java:1904) at com.atlassian.plugin.webresource.SingleDownloadableResourceBuilder.parse(SingleDownloadableResourceBuilder.java:51)
The only way I've found to recover from this is to "kill -9" the tomcat process, and restart the whole thing.
Is there a way to prevent these kinds of malformed URLs from apparently knocking over the server? We haven't yet gotten the full report from the penetration testing, but it sounds like it's going to be a doozy. :-)
I attended Atlassian Summit 2019 and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events