I have a web server (IIS 7) with ~400,000 files on it.
80,000 of these are .cfm files.
I believe that one of those files is permitting an exploit whereby a file can be uploaded anywhere in wwwroot.
I think this because I enabled Windows auditing, and see that the file generated has an event log entry specifying JRun.exe as the culprit. It is definitely written to disk by JRun.
I need to know the best way to determine which ColdFusion script running inside JRun's singular instance is causing the file to be written to disk.
I am about to override the java.io namespace, unless someone here has a better idea. And yes, I ran the PowerGREP utility to scan all files for file write strings, such as:
CFIDE.componentutils.cfcexplorer
action="upload" (+single quotes, and ="write")
java.io
BufferedWriter
etc
The exploit I'm seeing appear in numbers is: http://pastebin.com/sNGycNZS
A simple Google search by content yielded it.
Alright, so I ended up decompiling java.io.FileOutputStream.class inside Coldfusion\runtime\jre\lib\rt.jar
And patching it to log to the event log for each function that performs the Write() function.
// Patched into the decompiled java.io.FileOutputStream.
// DoEvent additionally needs: import java.util.Random;
public FileOutputStream(String paramString)
        throws FileNotFoundException { // aka #override
    this(paramString != null ? new File(paramString) : null, false);
    DoEvent("_Single_", "FileOutputStream(" + paramString + "): ");
}

// my attempts at forcing line breaks in through the command prompt were insufficient. So I used regex after the fact to replace %NL% with \r\n. :P
public static void DoEvent(String type, String description) {
    // Only log writes whose target path mentions the web root.
    if (description.contains("wwwroot"))
    {
        // Capture the caller's stack, one frame per %NL%-separated entry.
        StackTraceElement[] stack = Thread.currentThread().getStackTrace();
        StringBuilder sz = new StringBuilder();
        String linefeed = "%NL%";
        for (StackTraceElement s : stack)
        {
            sz.append(s.toString());
            sz.append(linefeed + "-------------" + linefeed);
        }
        description = description + linefeed + sz.toString();
        // Note: description (including the file path) goes into the cmd.exe command line unescaped.
        String command = "cmd /c \"SET NLM=^\r\n\r\n && set NL=^^^%NLM%%NLM%^%NLM%%NLM% && ";
        // eventcreate accepts event IDs from 1 to 1000, so never pass 0.
        command = command + "eventcreate /l APPLICATION /so \"COLDFUSION FILE WRITE :: " + type + " " + "\"" + " /t " + "ERROR" + " /id " + (1 + new Random().nextInt(500)) + " /d \"" + description + "\"";
        command = command + "\"";
        try
        {
            Runtime.getRuntime().exec(command);
        }
        catch (IOException e) {} // a logging failure must never break the file write itself
    }
}
Which yielded results:
FileOutputStream(E:\.....\wwwroot\public\subdomain.site.com\images\veryver.cfm):
java.lang.Thread.getStackTrace(Thread.java:1479)
^--> java.io.FileOutputStream.DoEvent(FileOutputStream.java:26)
^--> java.io.FileOutputStream.<init>(FileOutputStream.java:75)
^--> java.io.FileOutputStream.<init>(FileOutputStream.java:60)
^--> coldfusion.vfs.VFSFileFactory.fetchOutputStream(VFSFileFactory.java:442)
^--> coldfusion.vfs.VFSFileFactory.getOutputStream(VFSFileFactory.java:283)
^--> coldfusion.tagext.io.FileUtils.copyFile(FileUtils.java:944)
^--> coldfusion.tagext.io.FileUtils$2.run(FileUtils.java:613)
^--> java.security.AccessController.doPrivileged(Native Method)
^--> coldfusion.tagext.io.FileUtils.uploadFile(FileUtils.java:609)
^--> coldfusion.tagext.io.FileTag.upload(FileTag.java:591)
^--> coldfusion.tagext.io.FileTag.doStartTag(FileTag.java:266)
^--> coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2722)
^--> cftvb2ecfm60673673._factor26(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:468)
^--> cftvb2ecfm60673673._factor27(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:466)
^--> cftvb2ecfm60673673._factor28(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:465)
^--> cftvb2ecfm60673673._factor29(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:464)
^--> cftvb2ecfm60673673._factor121(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:462)
^--> cftvb2ecfm60673673._factor124(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:76)
^--> cftvb2ecfm60673673._factor125(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:72)
^--> cftvb2ecfm60673673.runPage(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:1)
^--> coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
^--> coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
^--> coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
^--> coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:387)
^--> coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
^--> coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
^--> coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
^--> coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
^--> coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
^--> coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
^--> coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
^--> coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
^--> coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
^--> coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
^--> coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
^--> coldfusion.CfmServlet.service(CfmServlet.java:201)
^--> coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
^--> jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
^--> coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
^--> coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
^--> jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
^--> jrun.servlet.FilterChain.service(FilterChain.java:101)
^--> jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
^--> jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
^--> jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
^--> jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
^--> jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
^--> jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
^--> jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
^--> jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
^--> jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
^-->
So as you can see, it was a remnant script located in CFIDE. Not sure how they accessed it, because it's outside of the scope of publicly accessible documents.
You have to have VPN access AND remote desktop, just to access CFIDE.
Anyway, so I solved this by removing the file.
Please also note that I used this same method to trace what wrote the above-mentioned file, and determined it to be a compiled ColdFusion class inside the ColdFusion classes/cache folder.
E:\ColdFusion9\wwwroot\WEB-INF\cfclasses\
I deleted it to be safe, though the code seems quite docile when decompiled.
I would also recommend that everyone check their system's scheduled tasks, as well as ColdFusion's scheduled tasks, and any CF probes.
In order to assist others in finding this content, here are some strings for Google (ordered by frequency of occurrence within infected files; scan in .php, .cf?, and *.class):
S?bastien Denis
CFIDE.componentutils.cfcexplorer
hermes
Silence is golden
And the most-common files:
veryver.cfm
img.cfm
co.cfm
as.cfm
good.cfm
z.txt
And the targets of the attack:
index.php
Wordpress
file_get_contents('http://www.mqa.gov.my/fpdb/hermes_kopi.htm');
window.location.href="http://www.22sougo.com/hermes-birkin25-1.htm"
I'd like to have attached the source code to that .class I spoke of, but can't seem to find the option on this site. Probably for the better that I don't share the source of it anyway.
Thanks for the help all :)
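The triage step the answer above performs by eye (read each logged trace and find the compiled-template frame), as an added example that is not part of the original post: it parses events in the format the patched DoEvent writes and reports which template and line triggered each write. The second sample event, its paths, the .cfc match and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Header written by the patched constructor: "FileOutputStream(<path>): "
HEADER_RE = re.compile(r"^FileOutputStream\((?P<path>.*)\):$")
# One frame: qualified.method(Source:line) or qualified.method(Native Method)
FRAME_RE = re.compile(r"^(?P<method>[\w.$<>]+)\((?P<loc>.*)\)$")
# Optional "^--> " prefix left by the author's regex post-processing
PREFIX_RE = re.compile(r"^\^-->\s*")
# Compiled CFML frames carry the template path as their source file
# (.cfc is an assumption; the page's traces only show .cfm)
TEMPLATE_RE = re.compile(r"\.cf[mc]$", re.IGNORECASE)
# Written files the server could execute (extensions named on the page)
SCRIPT_RE = re.compile(r"\.(cf\w|php)$", re.IGNORECASE)

# Constructed sample: event 1 is shortened from the page's trace,
# event 2 is an invented benign upload for contrast.
SAMPLE = r"""
FileOutputStream(E:\.....\wwwroot\public\subdomain.site.com\images\veryver.cfm):
java.lang.Thread.getStackTrace(Thread.java:1479)
^--> java.io.FileOutputStream.DoEvent(FileOutputStream.java:26)
^--> coldfusion.tagext.io.FileUtils$2.run(FileUtils.java:613)
^--> java.security.AccessController.doPrivileged(Native Method)
^--> coldfusion.tagext.io.FileTag.upload(FileTag.java:591)
^--> cftvb2ecfm60673673._factor26(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:468)
^--> cftvb2ecfm60673673.runPage(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:1)
^--> coldfusion.CfmServlet.service(CfmServlet.java:201)
^-->
FileOutputStream(E:\sites\wwwroot\app\uploads\photo.jpg):
java.lang.Thread.getStackTrace(Thread.java:1479)
^--> coldfusion.tagext.io.FileTag.upload(FileTag.java:591)
^--> cfsave2ecfm11111111.runPage(E:\sites\wwwroot\app\save.cfm:12)
^--> cfindex2ecfm22222222.runPage(E:\sites\wwwroot\app\index.cfm:40)
"""


def parse_events(text):
    """Split logged text into events: written path plus (method, source, line) frames."""
    events, current = [], None
    # Accept both the raw %NL%-separated form and the post-processed form.
    for raw in text.replace("%NL%", "\n").splitlines():
        line = PREFIX_RE.sub("", raw.strip()).strip()
        if not line or set(line) == {"-"}:
            continue  # blank line, dangling "^-->" or "-------------" separator
        header = HEADER_RE.match(line)
        if header:
            current = {"written": header.group("path"), "frames": []}
            events.append(current)
            continue
        frame = FRAME_RE.match(line)
        if frame and current is not None:
            # Split on the last colon so Windows drive letters stay in the path.
            source, _, lineno = frame.group("loc").rpartition(":")
            if not lineno.isdigit():  # e.g. "Native Method"
                source, lineno = frame.group("loc"), None
            current["frames"].append(
                (frame.group("method"), source, int(lineno) if lineno else None))
    return events


def triage(event):
    """Summarise one write: which template caused it and how risky the target is."""
    templates = [(src, ln) for _, src, ln in event["frames"] if TEMPLATE_RE.search(src)]
    methods = [m for m, _, _ in event["frames"]]
    return {
        "written": event["written"],
        # Frames are innermost first: the first template frame is the line that
        # triggered the write, the last is the page the request entered through.
        "writer": templates[0] if templates else None,
        "entry_page": templates[-1][0] if templates else None,
        # The frame seen in the page's trace between the template and the write.
        "via_filetag_upload": "coldfusion.tagext.io.FileTag.upload" in methods,
        "drops_script": bool(SCRIPT_RE.search(event["written"])),
    }


def writers_by_template(text):
    """Count logged writes per originating template."""
    counts = Counter()
    for event in parse_events(text):
        writer = triage(event)["writer"]
        if writer:
            counts[writer[0]] += 1
    return counts


if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(triage(ev))
    print(writers_by_template(SAMPLE).most_common())
```

Templates whose events have drops_script set are the ones to review first, since they place server-executable files under the web root.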
Related
I am getting the following error on my browser:
Exceptions
11:05:30.030 - Application Exception - in C:\mypath\myfile.cfm : line 14
JSON parsing failure: Unexpected end of JSON string
Where Line #14 is where I am deserializing the JSON like the following:
<cfset incomingData = toString(getHttpRequestData().content) />
line #14:
<cfset djs = DeserializeJSON(incomingData)/>
What does the Application Exception mean?
The Stacktrace after dumping variable djs is as follows:
coldfusion.runtime.JSONUtils$JSONParseOverflowException: JSON parsing failure: Unexpected end of JSON string
at coldfusion.runtime.JSONUtils$ParserState.currentChar(JSONUtils.java:1835)
at coldfusion.runtime.JSONUtils.parseObject(JSONUtils.java:949)
at coldfusion.runtime.JSONUtils.parseJSON(JSONUtils.java:922)
at coldfusion.runtime.JSONUtils.deserializeJSON(JSONUtils.java:162)
at coldfusion.runtime.CFPage.DeserializeJSON(CFPage.java:6723)
at cfgetIncoming2ecfm1847112669.runPage(C:\Websites\ebmdevii\Event-Based-Messaging\public\response\email\getIncoming.cfm:14)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:381)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:79)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:200)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Note: The same file when I run on different Coldfusion 8 Server located at different IP doesn't throw any error.
The error message is very clear: JSON parsing failure: Unexpected end of JSON string
You're trying to parse a string as JSON, and the string isn't JSON.
Put a try/catch around the erroring line, and in the catch dump out the string you're trying to deserialise. You will undoubtedly see that the string isn't JSON. Hence the error saying it can't be parsed as such.
This worked for me:
<cfset requestBody = toString(getHttpRequestData().content)>
<cfset requestBody = REReplaceNoCase(requestBody,"[\s+]"," ","ALL")>
<cfset requestBody = Trim(requestBody)>
<cftry>
<cfset requestBody = DeserializeJSON(requestBody)>
<cfcatch>
<cfdump var="#requestBody#" />
</cfcatch>
</cftry>
Are there any known issues with deleting a sheet from an Excel file? My code does not allow me to delete the first sheet, but does so for any other sheet.
<cfspreadsheet action="read" src="courses.xls" name="spreadSheetVar">
<cfset spreadsheetRemoveSheet(spreadsheetVar,"first")>
<cfspreadsheet action="write" filename="courses.xls" name="spreadsheetVar" overwrite="true" >
Courses.xls has two sheets named first & second. If I try to delete "second" it deletes, but when trying to delete "first" it throws an error.
Environment: ColdFusion dev edition 9,0,2,282541
Built-in IIS, running on Windows 7 Pro
Following is the error it throws:
java.lang.IllegalArgumentException: Sheet index (1) is out of range (0..0)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.validateSheetIndex(HSSFWorkbook.java:413)
at org.apache.poi.hssf.usermodel.HSSFWorkbook.getSheetName(HSSFWorkbook.java:542)
at coldfusion.excel.Excel.removeSheet(Excel.java:179)
at coldfusion.runtime.CFPage.SpreadSheetRemoveSheet(CFPage.java:6912)
at cftest12ecfm402095173.runPage(C:\ColdFusion9\wwwroot\Test_Apps\test1.cfm:3)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:381)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
at coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:27)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:79)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:200)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.http.WebService.invokeRunnable(WebService.java:172)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
I know this is not the answer I was looking for. It is just a workaround, if someone is stuck with no way forward. It looks like CF treats the first sheet as the active sheet and is not able to delete it.
Making any other sheet active will allow the first sheet to be deleted.
<cfset SpreadsheetSetActiveSheetNumber(spreadsheetVar, N)>
Where N is anything other than 1.
As I said, until someone who has a good hold on Java and the native POI being used in the spreadsheet functions answers this question, this is the workaround.
I'm having an odd issue with an installation of CF8.01. I recently updated the ColdFusion image hotfix (kb403411) & discovered that suddenly CF started needing use of a new directory for some image manipulation functions [imageresize()]:
{coldfusionh_home}/tmpCache & its subdirectories /CFFileServlet/_cf_image/. Initially tmpCache did not exist & had to be created; its subdirs were created automatically. However, there are 3 problems here:
ColdFusion does not appear to be deleting temporary files from the subdirs
An error is thrown on the first attempt to write something to these dirs ONLY after the FIRST restart of ColdFusion. Subsequent read/write attempts are fine. [trace posted below]
A directory entry has to be added to the sandbox settings to allow access to this directory [actually this is more of a PIA than an issue - it is correct behavior for sandboxes]
So I have several questions:
How do I test/ensure that CF is deleting these files when no longer needed?
What is the possible cause of the startup error & how do I fix it?
The sandbox thing is a pain; can CF be told to use /tmp or /var/tmp or something instead?
I've tried several different owner/permission combinations on the directory structure & am convinced it is not permissions.
Any thoughts/ideas?
Here is the error trace:
image rezise
500
ROOT CAUSE:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/coldfusion8/tmpCache read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at coldfusion.runtime.RuntimeServiceImpl.getTempCacheDirectory(RuntimeServiceImpl.java:2038)
at coldfusion.tagext.io.ImageTag.getTempImageFile(ImageTag.java:637)
at coldfusion.tagext.io.ImageTag.writeImageToBrowser(ImageTag.java:571)
at coldfusion.tagext.io.ImageTag.doStartTag(ImageTag.java:459)
at cftest2ecfm1941538635.runPage(/var/www/vhosts/bigblock.ca/subdomains/propaganda/httpdocs/filetest/test.cfm:29)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
javax.servlet.ServletException: ROOT CAUSE:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/coldfusion8/tmpCache read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at coldfusion.runtime.RuntimeServiceImpl.getTempCacheDirectory(RuntimeServiceImpl.java:2038)
at coldfusion.tagext.io.ImageTag.getTempImageFile(ImageTag.java:637)
at coldfusion.tagext.io.ImageTag.writeImageToBrowser(ImageTag.java:571)
at coldfusion.tagext.io.ImageTag.doStartTag(ImageTag.java:459)
at cftest2ecfm1941538635.runPage(/var/www/vhosts/bigblock.ca/subdomains/propaganda/httpdocs/filetest/test.cfm:29)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:70)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
OK, I see no one else could help, so I'll try to give you a hint from my personal experience.
If you have, for example, some file I/O operation during your page execution, e.g. a file upload, and you're using Java native classes for file manipulation, and an exception is thrown before you call the File close() method, all files get locked and can't be opened/deleted without higher permissions and/or a server restart.
Happened to me dozens of times so I can assume it could happen to be your problem.
Cheers,
z.
We are using Adobe ColdFusion 9 and are receiving the following error sporadically. I can not find any information on it. Does anyone have any ideas?
java.io.IOException: unexpected end of part
at com.oreilly.servlet.multipart.PartInputStream.fill(PartInputStream.java:96)
at com.oreilly.servlet.multipart.PartInputStream.read(PartInputStream.java:191)
at com.oreilly.servlet.multipart.PartInputStream.read(PartInputStream.java:152)
at com.oreilly.servlet.multipart.FilePart.write(FilePart.java:257)
at com.oreilly.servlet.multipart.FilePart.writeTo(FilePart.java:215)
at coldfusion.filter.FormScope.fillForm(FormScope.java:252)
at coldfusion.filter.FusionContext.SymTab_initForRequest(FusionContext.java:376)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:33)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53)
at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
at coldfusion.CfmServlet.service(CfmServlet.java:200)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
09/22 11:41:43 error (JRun Service: ProxyService [jrun.servlet.jrpp.JRunProxyService#adc9df]) JRunPRoxyServer.invokeRunnable:
java.lang.IllegalStateException
at jrun.servlet.JRunResponse.getWriter(JRunResponse.java:205)
at jrun.servlet.JRunResponse.sendError(JRunResponse.java:597)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:328)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
java.lang.IllegalStateException
at jrun.servlet.JRunResponse.getWriter(JRunResponse.java:205)
at jrun.servlet.JRunResponse.sendError(JRunResponse.java:597)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:328)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
I believe this is just a malformed multipart POST. It could happen for any number of reasons, the client crashing during the POST, the connection being dropped, etc.
Does this app do any (a lot?) of multipart form posts, like HTTP uploads?
I think it is benign, and you can probably ignore it. If you are getting a lot of them, as a percentage of total traffic, I suppose it could indicate some network/connection issues in your infrastructure.
Our web admins applied some hotfixes (don't know which ones) over the weekend and it seems to have killed <cffeed>. The error we get is below. We have the <cffeed> tag inside of a <cftry> but it still produces the error. Any thoughts on what would be causing the error or how to circumvent it without rewriting all our code?
ROOT CAUSE:
java.lang.NoClassDefFoundError: Could not initialize class coldfusion.syndication.FeedDateParser
at coldfusion.tagext.io.FeedTag.<init>(FeedTag.java:64)
at sun.reflect.GeneratedConstructorAccessor555.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at coldfusion.runtime.NeoPageContext$TagSet.getTagHandlerInstance(NeoPageContext.java:2284)
at coldfusion.runtime.NeoPageContext.getTagHandlerInstance(NeoPageContext.java:2192)
at coldfusion.runtime.CfJspPage._initTag(CfJspPage.java:1789)
at cfindex2ecfm2002820310.runPage(D:\WEB\ROOT\itap\index.cfm:156)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
It looks like this is a sandbox issue. We have security sandboxing turned on. When the hot fixes were put into place, the path to /WEB-INF/cfusion/lib/ needed to be added to the sandbox. So far the only thing we have found that this affects is cffeed. Also, ColdFusion had to be restarted when the changes were made.