My workplace is doing penetration testing on our Confluence site and the Confluence logs are filling up with these:
-------------------------- Parameters -------------------------- caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) 2014-01-27 17:26:47,882 ERROR [http-8080-58] [[Catalina].[localhost].[/confluence].[file-server]] log Servlet.service() for servlet file-server threw exception -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources | userName: anonymous | referer: http://confluence.example.com:80/confluence/ java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at java.lang.String.substring(String.java:1904) at com.atlassian.plugin.webresource.SingleDownloadableResourceBuilder.parse(SingleDownloadableResourceBuilder.java:51)
The only way I've found to recover from this is to "kill -9" the tomcat process, and restart the whole thing.
Is there a way to prevent these kinds of malformed URLs from apparently knocking over the server? We haven't yet gotten the full report from the penetration testing, but it sounds like it's going to be a doozy. :-)
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
To anyone who doubts that Atlassians are a little too obsessed with collaboration, and tools related thereto, let me describe a recent discussion we had (which took place on our internal Confluence, ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs