Bug 19871

Summary: When above URI is entered Default-Servlet raises Exception
Product: Tomcat 4 Reporter: Janick Bernet <jaBernet>
Component: Servlet & JSP APIAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED WORKSFORME    
Severity: major    
Priority: P3    
Version: 4.1.24   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
URL: /scripts/..%c1%9c../winnt/system32/cmd.exe

Description Janick Bernet 2003-05-12 21:32:30 UTC 
Following exact Stacktrace is returned:

java.lang.NullPointerException
at java.io.File.(File.java(Compiled Code))
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java(Compiled 
Code))
at org.apache.naming.resources.FileDirContext.getAttributes(FileDirContext.
java(Compiled Code))
at org.apache.naming.resources.BaseDirContext.getAttributes(BaseDirContext.
java(Compiled Code))
at org.apache.naming.resources.ProxyDirContext.cacheLoad(ProxyDirContext.java:
1491)
at org.apache.naming.resources.ProxyDirContext.cacheLookup(ProxyDirContext.
java(Compiled Code))
at org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:300)
at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.set(DefaultServlet.
java:2267)
at org.apache.catalina.servlets.DefaultServlet$ResourceInfo.(DefaultServlet.
java:2219)
at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.
java:921)
at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:506)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.
internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.
doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.
java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.
java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled 
Code))
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.
java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:
246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.
java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled 
Code))
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.
java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.
java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled 
Code))
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:
174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.
invokeNext(StandardPipeline.java(Compiled Code))
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.
java(Compiled Code))
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java(Compiled 
Code))
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.
processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.
java(Compiled Code))
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.
java:619)
at java.lang.Thread.run(Thread.java:566)


I think the URL comes from an IIS exploid.
Comment 1 Mark Thomas 2004-04-18 17:01:28 UTC 
Trying this in the latest TC4 code from CVS just returns a 404 and no 
exception appears in the logs.