cffeed causing errors - coldfusion

Our web admins applied some hotfixes (don't know which ones) over the weekend and it seems to have killed <cffeed>. The error we get is below. We have the <cffeed> tag inside of a <cftry> but it still produces the error. Any thoughts on what would be causing the error or or how to circumvent without rewriting all our code?
ROOT CAUSE:
java.lang.NoClassDefFoundError: Could not initialize class coldfusion.syndication.FeedDateParser
at coldfusion.tagext.io.FeedTag.<init>(FeedTag.java:64)
at sun.reflect.GeneratedConstructorAccessor555.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at coldfusion.runtime.NeoPageContext$TagSet.getTagHandlerInstance(NeoPageContext.java:2284)
at coldfusion.runtime.NeoPageContext.getTagHandlerInstance(NeoPageContext.java:2192)
at coldfusion.runtime.CfJspPage._initTag(CfJspPage.java:1789)
at cfindex2ecfm2002820310.runPage(D:\WEB\ROOT\itap\index.cfm:156)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

It looks like this is a sandbox issue. We have security sandboxing turned on. When the hot fixes were put into place, the path to /WEB-INF/cfusion/lib/ needed to be added to the sandbox. So far the only thing we have found that this affects is cffeed. Also, ColdFusion had to be restarted when the changes were made.

Related

ColdFusion 9 - File Write detection (anti-exploit)

I have a web server (IIS 7) with ~400,000 files on it.
80,000 of these are .cfm files.
I believe that one of those files is permitting an exploit whereby a file can be uploaded anywhere in wwwroot.
I think this because I enabled windows auditing, and see that the file generated has an event log specifying JRun.exe as the culprit. It is definitely written to disk by Jrun.
I need to know the best way to determine which coldfusion script running inside Jrun's singular instance is causing the file to be written to disk.
I am about to override the java.io namespace, unless someone here has a better idea. And yes, I ran PowerGREP utility to scan all files for file write strings, such as:
CFIDE.componentutils.cfcexplorer
action="upload" (+single quotes, and ="write")
java.io
BufferedWriter
etc
The exploit I'm seeing appear in numbers is: http://pastebin.com/sNGycNZS
Simple google search by content yielded it.
Alright, so I ended up decompiling java.io.FileOutputStream.class inside Coldfusion\runtime\jre\lib\rt.jar
And patching it to log to the event log for each function that performs the Write() function.
public FileOutputStream(String paramString)
throws FileNotFoundException{ // aka #override
this(paramString != null ? new File(paramString) : null, false);
DoEvent("_Single_", "FileOutputStream(" + paramString + "): ");
}
// my attempt at forcing line breaks in through command prompt were insufficient. So I used regex after-the-fact to replace %NL% with \r\n. :P
public static void DoEvent(String type, String description) {
if (description.contains("wwwroot"))
{
StackTraceElement[] stack = Thread.currentThread().getStackTrace();
StringBuilder sz = new StringBuilder();
String linefeed = "%NL%";
for (StackTraceElement s : stack)
{
sz.append(s.toString());
sz.append(linefeed + "-------------" + linefeed);
}
description = description + linefeed + sz.toString();
String command = "cmd /c \"SET NLM=^\r\n\r\n && set NL=^^^%NLM%%NLM%^%NLM%%NLM% && ";
command = command + "eventcreate /l APPLICATION /so \"COLDFUSION FILE WRITE :: " + type + " " + "\"" + " /t " + "ERROR" + " /id " + new Random().nextInt(500) + " /d \"" + description + "\"";
command = command + "\"";
try
{
Runtime.getRuntime().exec(command);
}
catch (IOException e) {}
}
Which yielded results:
FileOutputStream(E:\.....\wwwroot\public\subdomain.site.com\images\veryver.cfm):
java.lang.Thread.getStackTrace(Thread.java:1479)
^--> java.io.FileOutputStream.DoEvent(FileOutputStream.java:26)
^--> java.io.FileOutputStream.<init>(FileOutputStream.java:75)
^--> java.io.FileOutputStream.<init>(FileOutputStream.java:60)
^--> coldfusion.vfs.VFSFileFactory.fetchOutputStream(VFSFileFactory.java:442)
^--> coldfusion.vfs.VFSFileFactory.getOutputStream(VFSFileFactory.java:283)
^--> coldfusion.tagext.io.FileUtils.copyFile(FileUtils.java:944)
^--> coldfusion.tagext.io.FileUtils$2.run(FileUtils.java:613)
^--> java.security.AccessController.doPrivileged(Native Method)
^--> coldfusion.tagext.io.FileUtils.uploadFile(FileUtils.java:609)
^--> coldfusion.tagext.io.FileTag.upload(FileTag.java:591)
^--> coldfusion.tagext.io.FileTag.doStartTag(FileTag.java:266)
^--> coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2722)
^--> cftvb2ecfm60673673._factor26(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:468)
^--> cftvb2ecfm60673673._factor27(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:466)
^--> cftvb2ecfm60673673._factor28(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:465)
^--> cftvb2ecfm60673673._factor29(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:464)
^--> cftvb2ecfm60673673._factor121(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:462)
^--> cftvb2ecfm60673673._factor124(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:76)
^--> cftvb2ecfm60673673._factor125(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:72)
^--> cftvb2ecfm60673673.runPage(E:\....\wwwroot\CFIDE\scripts\tvb.cfm:1)
^--> coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231)
^--> coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416)
^--> coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
^--> coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:387)
^--> coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
^--> coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
^--> coldfusion.filter.PathFilter.invoke(PathFilter.java:94)
^--> coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
^--> coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
^--> coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
^--> coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
^--> coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
^--> coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
^--> coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
^--> coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
^--> coldfusion.CfmServlet.service(CfmServlet.java:201)
^--> coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
^--> jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
^--> coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
^--> coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
^--> jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
^--> jrun.servlet.FilterChain.service(FilterChain.java:101)
^--> jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
^--> jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
^--> jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
^--> jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
^--> jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
^--> jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
^--> jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
^--> jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
^--> jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
^-->
So as you can see, it was a remnant script located in CFIDE. Not sure how they accessed it, because it's outside of the scope of public accessible documents.
You have to have VPN access AND remote desktop, just to access CFIDE.
Anyway, so I solved this by removing the file.
Please also note that I used this same method to trace what wrote the above mentioned file, and determined it to be a compiled coldfusion class inside the Coldfusion classes/cache folder.
E:\ColdFusion9\wwwroot\WEB-INF\cfclasses\
I deleted it to be safe, though the code seems quite docile when decompiled.
i would also recommend everyone to check their system's scheduled tasks, as well as coldfusion's scheduled tasks, and any cf probes.
In order to assist others in finding this content, here are some strings for google (ordered by frequency of occurrence within infected file --- scan in .php,.cf?, and *.class):
S?bastien Denis
CFIDE.componentutils.cfcexplorer
hermes
Silence is golden
And the most-common files:
veryver.cfm
img.cfm
co.cfm
as.cfm
good.cfm
z.txt
And the targets of the attack:
index.php
Wordpress
file_get_contents('http://www.mqa.gov.my/fpdb/hermes_kopi.htm');
window.location.href="http://www.22sougo.com/hermes-birkin25-1.htm"
I'd like to have attached the source code to that .class i spoke of, but can't seem to find the option on this site. Probably for the better that I don't share the source of it anyway.
Thanks for the help all :)

Issue with deleting sheet from excel

Are there any known issues with deleting sheet from an excel? My code does not allow me to delete first sheet, but do so for any other sheet.
<cfspreadsheet action="read" src="courses.xls" name="spreadSheetVar">
<cfset spreadsheetRemoveSheet(spreadsheetVar,"first")>
<cfspreadsheet action="write" filename="courses.xls" name="spreadsheetVar" overwrite="true" >
Courses.xls has two sheets named first & second. If I try to delete "second" it deletes, but while trying deleting "first" it throw error.
environment: coldfusion dev edition 9,0,2,282541
in built IIS, running on window 7 pro
Following is the error it throw
java.lang.IllegalArgumentException: Sheet index (1) is out of range
(0..0) at
org.apache.poi.hssf.usermodel.HSSFWorkbook.validateSheetIndex(HSSFWorkbook.java:413)
at
org.apache.poi.hssf.usermodel.HSSFWorkbook.getSheetName(HSSFWorkbook.java:542)
at coldfusion.excel.Excel.removeSheet(Excel.java:179) at
coldfusion.runtime.CFPage.SpreadSheetRemoveSheet(CFPage.java:6912) at
cftest12ecfm402095173.runPage(C:\ColdFusion9\wwwroot\Test_Apps\test1.cfm:3)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:231) at
coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:416) at
coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at
coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:381)
at
coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at
coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:94) at
coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:27) at
coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at
coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:79)
at
coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at
coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at
coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at
coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at
coldfusion.CfmServlet.service(CfmServlet.java:200) at
coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at
coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at
coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at
jrun.servlet.FilterChain.service(FilterChain.java:101) at
jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at
jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at
jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at
jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.http.WebService.invokeRunnable(WebService.java:172)
at
jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at
jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at
jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
I know this is not the answer, I was looking for. It is just a workaround, if some is stuck and no way forward. It looks like CF treats first sheet as Active sheet and is not able to delete it.
Making any other sheet as active will allow the first sheet to be deleted.
<cfset SpreadsheetSetActiveSheetNumber(spreadsheetVar, N)>
Where N is anything other than 1.
As I said, until someone who have good hold on java and native POI being used in spreadsheet functions, does not answer this question, this is is the workaround.

ColdFusion looking for files in web service import statements on local machine instead of web server

I am trying to create a web service object in CF10. I have verified that it works as intended in SoapUI. However, when I run it in CF, I get an error that it cannot find an XSD imported in an import statement in the WSDL. Here is the createObject call in CF and the import statements within the WSDL:
<cfset var ws = createObject("webservice", "https://XXXXXX.XXXX.net/billingandcollectionmgmt/billing/PaymentManagement_1.wsdl")
<xsd:import schemaLocation="PaymentManagement_1.xsd4.xsd" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
<xsd:import schemaLocation="PaymentManagement_1.xsd2.xsd" namespace="http://www.XXXXX.com/schemas/XXXXBilling/billingandcollectionmgmt/billing/PaymentManagement_1"/>
The error I'm getting is because it's looking in my local CF install's /bin location to find the files, instead of on the web server in the same directory as WSDL itself. I have verified that the XSDs are indeed located in that directory by accessing them with the URL I provided above. I.e, the file https://XXXXXX.XXXX.net/billingandcollectionmgmt/billing/PaymentManagement_1.xsd4.xsd does exist.
Here is the stack trace:
javax.wsdl.WSDLException: WSDLException (at /wsdl:definitions/wsdl:types/xsd:schema): faultCode=OTHER_ERROR: An error occurred trying to resolve schema referenced at 'PaymentManagement_1.xsd4.xsd'.: java.io.FileNotFoundException: This file was not found: file:/C:/ColdFusion10/cfusion/bin/PaymentManagement_1.xsd4.xsd
at com.ibm.wsdl.xml.WSDLReaderImpl.parseSchema(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.parseSchema(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.parseTypes(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.parseDefinitions(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(Unknown Source)
at coldfusion.xml.rpc.XmlRpcServiceImpl.getServiceInfoGenerator(XmlRpcServiceImpl.java:468)
at coldfusion.xml.rpc.XmlRpcServiceImpl.generateServiceInfo(XmlRpcServiceImpl.java:372)
at coldfusion.xml.rpc.XmlRpcServiceImpl.registerWebService(XmlRpcServiceImpl.java:317)
at coldfusion.xml.rpc.XmlRpcServiceImpl.getWebServiceProxy(XmlRpcServiceImpl.java:679)
at coldfusion.xml.rpc.WebServiceProxyFactory.getProxy(WebServiceProxyFactory.java:22)
at coldfusion.runtime.ProxyFactory.getProxy(ProxyFactory.java:65)
at coldfusion.runtime.CFPage.createObjectProxy(CFPage.java:5747)
at coldfusion.runtime.CFPage.CreateObject(CFPage.java:5710)
at coldfusion.runtime.CFPage.CreateObject(CFPage.java:5644)
at coldfusion.runtime.CFPage.CreateObject(CFPage.java:5619)
at coldfusion.runtime.CFPage.CreateObject(CFPage.java:5566)
at cfXXXXPayments2ecfc1210176705$funcDELETEPAYMENT.runFunction(C:\ColdFusion10\cfusion\wwwroot\XXXXPayments.cfc:74)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472)
at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368)
at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)
at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220)
at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:2659)
at cfXXXXPayments2ecfc1210176705$funcDELETEPAYMENTS.runFunction(C:\ColdFusion10\cfusion\wwwroot\XXXXPayments.cfc:64)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472)
at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368)
at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55)
at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2432)
at cftestPending2ecfm428388279.runPage(C:\ColdFusion10\cfusion\wwwroot\testPending.cfm:3)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:444)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.IpFilter.invoke(IpFilter.java:64)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:443)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:112)
at coldfusion.filter.LicenseFilter.invoke(LicenseFilter.java:30)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:204)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.io.FileNotFoundException: This file was not found: file:/C:/ColdFusion10/cfusion/bin/PaymentManagement_1.xsd4.xsd
at com.ibm.wsdl.util.StringUtils.getContentAsInputStream(Unknown Source)
... 74 more
The question is, does anyone know why ColdFusion might be looking for the file on my local machine instead of on the web server where the files are actually located?
Using Miguel's advice, I changed my code to use cfhttp and the code snippet in his previous answer. Replacing the <soapenv:Envelope> </soapenv:Envelope> with the content from my SoapUI request solved my problem.

Unable to read/write to Coldfusion 8.01 tmpCache directory on server restart

I'm having an odd issue with an installation of CF8.01. I recently updated the coldfusion image hotfix (kb403411) & discovered that suddenly CF started needing use of a new directory for some image manipulation functions [imageresize()]
{coldfusionh_home}/tmpCache & it subdirectories /CFFileServlet/_cf_image/. Initially tmpCache did not exist & had to be created, it's subdirs were created automatically. However there are 3 problems here:
Coldfusion does not appear to be deleting temporary files from the subdirs
An error is thrown on the first attempt to write something to these dirs ONLY after the FIRST restart of coldfusion. Subsequent read/write attempts are fine. [trace posted below]
A directory entry has to be added to the sandbox settings to allow access to this directory [actually this is more of a PIA than an issue - it is correct behavior for sandboxes]
so I have several questions:
How do I test/ensure that CF is deleting these files when no longer needed
what is the possible cause of the startup error & how to fix?
the sandbox thing is a pain, can CF be told to use /tmp or /var/tmp or something instead
I've tried several different owner/permission combinations on the directory structure & Am convinced it is not permissions.
Any thoughts/ideas?
Here is the error trace:
image rezise
500
ROOT CAUSE:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/coldfusion8/tmpCache read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at coldfusion.runtime.RuntimeServiceImpl.getTempCacheDirectory(RuntimeServiceImpl.java:2038)
at coldfusion.tagext.io.ImageTag.getTempImageFile(ImageTag.java:637)
at coldfusion.tagext.io.ImageTag.writeImageToBrowser(ImageTag.java:571)
at coldfusion.tagext.io.ImageTag.doStartTag(ImageTag.java:459)
at cftest2ecfm1941538635.runPage(/var/www/vhosts/bigblock.ca/subdomains/propaganda/httpdocs/filetest/test.cfm:29)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
javax.servlet.ServletException: ROOT CAUSE:
java.security.AccessControlException: access denied (java.io.FilePermission /opt/coldfusion8/tmpCache read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
at java.io.File.exists(File.java:731)
at coldfusion.runtime.RuntimeServiceImpl.getTempCacheDirectory(RuntimeServiceImpl.java:2038)
at coldfusion.tagext.io.ImageTag.getTempImageFile(ImageTag.java:637)
at coldfusion.tagext.io.ImageTag.writeImageToBrowser(ImageTag.java:571)
at coldfusion.tagext.io.ImageTag.doStartTag(ImageTag.java:459)
at cftest2ecfm1941538635.runPage(/var/www/vhosts/bigblock.ca/subdomains/propaganda/httpdocs/filetest/test.cfm:29)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:483)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:288)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:86)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70)
at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.CfmServlet.service(CfmServlet.java:198)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:70)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
ok, I see no one else couldn't help so I'll try to give you a hint from my personal experience.
If you have for example, some file i/o operation during your page execution, e.g. file upload, and you're using java native classes for file manipulation, and exception is thrown before you call File close() method, all files get locked and can't be open/deleted without higher permissions and/or server restart.
Happened to me dozens of times so I can assume it could happen to be your problem.
Cheers,
z.

What is an Unexpected End of Part error in ColdFusion?

We are using Adobe ColdFusion 9 and are receiving the following error sporadically. I can not find any information on it. Does anyone have any ideas?
java.io.IOException: unexpected end of part
at com.oreilly.servlet.multipart.PartInputStream.fill(PartInputStream.java:96)
at com.oreilly.servlet.multipart.PartInputStream.read(PartInputStream.java:191)
at com.oreilly.servlet.multipart.PartInputStream.read(PartInputStream.java:152)
at com.oreilly.servlet.multipart.FilePart.write(FilePart.java:257)
at com.oreilly.servlet.multipart.FilePart.writeTo(FilePart.java:215)
at coldfusion.filter.FormScope.fillForm(FormScope.java:252)
at coldfusion.filter.FusionContext.SymTab_initForRequest(FusionContext.java:376)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:33)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:53)
at coldfusion.filter.RequestThrottleFilter.invoke(RequestThrottleFilter.java:126)
at coldfusion.CfmServlet.service(CfmServlet.java:200)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:86)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
at jrun.servlet.FilterChain.service(FilterChain.java:101)
at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
09/22 11:41:43 error (JRun Service: ProxyService [jrun.servlet.jrpp.JRunProxyService#adc9df]) JRunPRoxyServer.invokeRunnable:
java.lang.IllegalStateException
at jrun.servlet.JRunResponse.getWriter(JRunResponse.java:205)
at jrun.servlet.JRunResponse.sendError(JRunResponse.java:597)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:328)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
java.lang.IllegalStateException
at jrun.servlet.JRunResponse.getWriter(JRunResponse.java:205)
at jrun.servlet.JRunResponse.sendError(JRunResponse.java:597)
at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:328)
at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320)
at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266)
at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
I believe this is just a malformed multipart POST. It could happen for any number of reasons, the client crashing during the POST, the connection being dropped, etc.
Does this app do any (a lot?) of multipart form posts, like HTTP uploads?
I think it is benign, and you can probably ignore it. If you are getting a lot of them, as a percentage of total traffic, I suppose it could indicate some network/connection issues in your infrastructure.