glassfish
  1. glassfish
  2. GLASSFISH-18257

On URI decode exception the access log is not used

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.1_dev
    • Fix Version/s: None
    • Component/s: grizzly-kernel
    • Labels:
      None
    • Environment:

      Linux x86_64

      Description

      When Grizzly throws an "Invalid URI character encoding" exception, the URI is part of the stack trace but the HTTP request info isn't saved on the access log.
      This is a problem if the request URI makes it obvious that the requester is trying an exploit/vulnerability.
      Without the access log used, there is no way of seeing the IP/hostname of the requester to identify the source of this attack attempt.

        Activity

          People

          • Assignee:
            oleksiys
            Reporter:
            benjamin_m
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: