My workplace is doing penetration testing on our Confluence site and the Confluence logs are filling up with these:
-------------------------- Parameters --------------------------
caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.String.substring(String.java:1937)
2014-01-27 17:26:47,882 ERROR [http-8080-58] [[Catalina].[localhost].[/confluence].[file-server]] log Servlet.service() for servlet file-server threw exception
 -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources | userName: anonymous | referer: http://confluence.example.com:80/confluence/
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.String.substring(String.java:1937)
    at java.lang.String.substring(String.java:1904)
    at com.atlassian.plugin.webresource.SingleDownloadableResourceBuilder.parse(SingleDownloadableResourceBuilder.java:51)
The only way I've found to recover from this is to "kill -9" the tomcat process, and restart the whole thing.
Is there a way to prevent these kinds of malformed URLs from apparently knocking over the server? We haven't yet gotten the full report from the penetration testing, but it sounds like it's going to be a doozy. :-)
When using the Java substring() method, a subset of the character sequence can be extracted from a string. The substring index must be any value from 0 to the length of a string. The java.lang.StringIndexOutOfBoundsException is thrown by String methods to indicate that the beginIndex is negative, or endIndex is larger than the length of this String object, or beginIndex is larger than endIndex.
How to solve the StringIndexOutOfBoundsException
* Check the length of the string before using substring()
* Exception handling using try...catch.
This occurs due to the extra slash at the end of the URL:
http://confluence.example.com:80/confluence/
It should be http://confluence.example.com:80/confluence instead.
KB created for this in JIRA: https://jira.atlassian.com/browse/JRA-44887
Cheers,
Andre
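The URL in the question's log carries a base64-encoded path segment, and decoding it shows what the scanner actually requested. The following triage script is an added example, not part of the original thread or of Confluence; the function names and the second (benign) sample line are constructed for illustration, and the first sample URL is copied from the log above.

```python
import base64
import binascii
import re

# Constructed sample in the "-- url: ... | userName: ..." shape from the question.
# The first URL is copied from the question's log; the second is a made-up benign one.
SAMPLE_LOG = (
    " -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33"
    "/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources"
    " | userName: anonymous | referer: http://confluence.example.com:80/confluence/\n"
    " -- url: /confluence/s/en_GB/4527/abc.33/_/download/resources/icon.png"
    " | userName: jdoe | referer: http://confluence.example.com:80/confluence/\n"
)

URL_LINE = re.compile(r"-- url: (\S+) \| userName: (\S+)")
B64_TOKEN = re.compile(r"[A-Za-z0-9+_-]{16,}={0,2}")
TRAVERSAL = (b"../", b"..\\")


def decode_token(token):
    """Return the base64-decoded bytes of a URL token, or None if it does not decode."""
    if not B64_TOKEN.fullmatch(token):
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.urlsafe_b64decode(padded)
    except (binascii.Error, ValueError):
        return None


def find_encoded_traversal(log_text):
    """Return one finding per logged URL that hides a path traversal in base64."""
    findings = []
    for url, user in URL_LINE.findall(log_text):
        # Resource URLs separate their parts with "/" and ".", so test each part.
        for token in re.split(r"[/.]", url):
            decoded = decode_token(token)
            if decoded and any(marker in decoded for marker in TRAVERSAL):
                findings.append({"url": url, "user": user, "decoded": decoded,
                                 "has_nul": b"\x00" in decoded})
    return findings


if __name__ == "__main__":
    for f in find_encoded_traversal(SAMPLE_LOG):
        print(f["user"], f["has_nul"], f["decoded"], f["url"], sep="\t")
```

Run over the real Confluence log, the findings list the scanner's requests so they can be separated from ordinary errors while waiting for the penetration test report.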
Hmmm that's odd, maybe it is some old data stuck in Confluence index, did you try to