[1.3.1] Should I be worried about this?


Johan Vosloo

27 Jul 2015, 20:03:17
to play-framework
It looks like some sort of scripted cookie attack had a go at one of my Play prod servers recently:

2015-07-24 03:51:29,124 WARN  ~ Exception on request. serving 500 back
java.lang.IllegalArgumentException: name contains one of the following prohibited characters: =,; \t\r\n\v\f: Greetz to M, st0n3d, Jorgee, CoLdZeRo and justa
 at org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:66)
 at org.jboss.netty.handler.codec.http.CookieDecoder.decode(CookieDecoder.java:102)
 at play.server.PlayHandler.getCookies(PlayHandler.java:648)
 at play.server.PlayHandler.parseRequest(PlayHandler.java:619)
 at Invocation.Message Received(Play!)
2015-07-24 03:51:31,054 WARN  ~ Exception on request. serving 500 back
java.lang.IllegalArgumentException: name contains one of the following prohibited characters: =,; \t\r\n\v\f: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
 at org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:66)
 at org.jboss.netty.handler.codec.http.CookieDecoder.decode(CookieDecoder.java:102)
 at play.server.PlayHandler.getCookies(PlayHandler.java:648)
 at play.server.PlayHandler.parseRequest(PlayHandler.java:619)
 at Invocation.Message Received(Play!)


I can see a few other people around the web commenting on it as well, e.g. http://www.skepticism.us/2015/05/13/

Does anybody know/think that I should be worried?
Anything specifically I should be doing to mitigate something like this (already reverse proxying with Nginx)?

Scott Rippee

29 Jul 2015, 16:33:29
to play-framework, jvo...@gmail.com
I've been seeing regular occurrences of this for the last couple of months.  Based on how netty handles the request it doesn't look like there's a problem, but thanks for asking as I've been searching for additional info on this myself.

fraser

3 Aug 2015, 09:21:05
to play-framework, jvo...@gmail.com
We've also been seeing this in our logs. What are the security implications involved with this? 
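
For anyone triaging the same log entries, the following is an added example, not code from any poster in this thread or from Play or Netty: it groups the cookie-name rejections shown in the stack traces above by the rejected name and separates them from other 500 responses. The sample log is constructed from the excerpt in the first post (its last entry and `controllers.Application` are made up), and the function name `triage` is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log excerpt in this thread.
# The final NullPointerException entry is invented for contrast.
SAMPLE_LOG = r"""
2015-07-24 03:51:29,124 WARN  ~ Exception on request. serving 500 back
java.lang.IllegalArgumentException: name contains one of the following prohibited characters: =,; \t\r\n\v\f: Greetz to M, st0n3d, Jorgee, CoLdZeRo and justa
 at org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:66)
 at org.jboss.netty.handler.codec.http.CookieDecoder.decode(CookieDecoder.java:102)
2015-07-24 03:51:31,054 WARN  ~ Exception on request. serving 500 back
java.lang.IllegalArgumentException: name contains one of the following prohibited characters: =,; \t\r\n\v\f: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
 at org.jboss.netty.handler.codec.http.DefaultCookie.<init>(DefaultCookie.java:66)
2015-07-24 04:10:02,500 WARN  ~ Exception on request. serving 500 back
java.lang.NullPointerException
 at controllers.Application.index(Application.java:12)
"""

# Header line of a log entry: "<timestamp> <LEVEL>  ~ <message>"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+~ (.*)$")
# Exception line for a rejected cookie name; group 1 is the rejected name.
COOKIE_REJECT = re.compile(
    r"^java\.lang\.IllegalArgumentException: name contains one of the "
    r"following prohibited characters: .*?\\f: (.*)$")

def triage(log_text):
    """Return ({rejected cookie name: [timestamps]}, [timestamps of other 500s])."""
    rejected, other = defaultdict(list), []
    ts = None  # timestamp of a 500 entry still waiting for its exception line
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            if ts:  # previous 500 entry had no exception line at all
                other.append(ts)
            ts = entry.group(1) if "serving 500 back" in entry.group(3) else None
            continue
        # Skip blank lines and indented stack frames; only the first
        # unindented line after the entry header names the exception.
        if ts is None or not line.strip() or line[0] in " \t":
            continue
        hit = COOKIE_REJECT.match(line)
        if hit:
            rejected[hit.group(1)].append(ts)
        else:
            other.append(ts)
        ts = None
    if ts:
        other.append(ts)
    return dict(rejected), other
```
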