My workplace is doing penetration testing on our Confluence site and the Confluence logs are filling up with these:
-------------------------- Parameters -------------------------- caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) 2014-01-27 17:26:47,882 ERROR [http-8080-58] [[Catalina].[localhost].[/confluence].[file-server]] log Servlet.service() for servlet file-server threw exception -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources | userName: anonymous | referer: http://confluence.example.com:80/confluence/ java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at java.lang.String.substring(String.java:1904) at com.atlassian.plugin.webresource.SingleDownloadableResourceBuilder.parse(SingleDownloadableResourceBuilder.java:51)
The only way I've found to recover from this is to "kill -9" the tomcat process, and restart the whole thing.
Is there a way to prevent these kinds of malformed URLs from apparently knocking over the server? We haven't yet gotten the full report from the penetration testing, but it sounds like it's going to be a doozy. :-)
Hi Community! 2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs