My workplace is doing penetration testing on our Confluence site and the Confluence logs are filling up with these:
-------------------------- Parameters -------------------------- caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) 2014-01-27 17:26:47,882 ERROR [http-8080-58] [[Catalina].[localhost].[/confluence].[file-server]] log Servlet.service() for servlet file-server threw exception -- url: /confluence/s/en_GB-1988229788/4527/660525579de30883af214a8e1a751cb99357bcff.33/2.2.2.Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAAucG5n/_/download/resources | userName: anonymous | referer: http://confluence.example.com:80/confluence/ java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(String.java:1937) at java.lang.String.substring(String.java:1904) at com.atlassian.plugin.webresource.SingleDownloadableResourceBuilder.parse(SingleDownloadableResourceBuilder.java:51)
The only way I've found to recover from this is to "kill -9" the tomcat process, and restart the whole thing.
Is there a way to prevent these kinds of malformed URLs from apparently knocking over the server? We haven't yet gotten the full report from the penetration testing, but it sounds like it's going to be a doozy. :-)
Hi my Community friends! For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs