Proof-of-concepts rather than advisories, making it a valuable resource for those who need The Exploit Database is a repository for exploits and Lists, as well as other public sources, and present them in a freely-available andĮasy-to-navigate database. The most comprehensive collection of exploits gathered through direct submissions, mailing
#Apache tomcat error archive
Non-profit project that is provided as a public service by Offensive Security.Ĭompliant archive of public exploits and corresponding vulnerable software,ĭeveloped for use by penetration testers and vulnerability researchers.
That provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is maintained by Offensive Security, an information security training company
#Apache tomcat error software
Not Vulnerable: Apache Software Foundation Tomcat 6.0Īpache Software Foundation Tomcat 3.2.2 beta2 Vulnerable: Apache Software Foundation Tomcat 3.2.1 Tomcat 3.2.1 is affected other versions may also be vulnerable. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
#Apache tomcat error code
If similar exceptions are found near the same time period, this is further indication of an anti-virus scan as the cause of the HTTP errors.Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.Īn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. If you know the schedule for the anit-virus scans, you can check the catalina.log at the same time period in the past. Usually, anti-virus scans are scheduled to occur at a reoccurring period, such as once every 7 days near the same time period. In this example, the anti-virus software Qualys was scanning Tomcat and producing the HTTP exceptions. The localhost_access_log.txt may identify an anti-virus scan. JSP and HTML pages), anti-virus scans may be the cause of this error. If the app in question is not fronted by a web server and does not produce web content (eg. If server.xml is updated to have some other value set for the maxHttpHeaderSize, the Tomcat application server will need to be restarted for this change to take effect. In this example, the application server has 12288 bytes of memory allocated for the HTTP header. Â Â Â at (Thread.java:748)Įach Tomcat application server has a set amount of memory allocated for HTTP header, in server.xml. Â Â Â at .threads.TaskThread$n(TaskThread.java:61) Â Â Â at .runWorker(ThreadPoolExecutor.java:1149) Â Â Â at .net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) Â Â Â at $ConnectionHandler.process(AbstractProtocol.java:790) Â Â Â at .process(AbstractProcessorLight.java:66)
   at 11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:426)  : Invalid character found in method name.  Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. 2 01:13:52.454 INFO 11.rvice Error parsing HTTP request header "Error parsing HTTP request header" appears in catalina.log.