tomcat xss attack

venkateswararao yeluru

May 30, 2019, 9:21:30 AM
to OpenRASP
Hi,

I'm using OpenRASP 1.0 and I'm trying to block the XSS attack, but it's not happening.
Using apache-tomcat, I tried to deploy the application dvja to produce the XSS.
Please help me with this problem.

Configuration:
   apache-tomcat-7.0.85 version
   application - dvja - https://github.com/appsecco/dvja

Logs:

May 30, 2019 6:44:45 PM org.apache.coyote.http11.AbstractHttp11Processor process
SEVERE: Error processing request
com.baidu.openrasp.exceptions.SecurityException: Request blocked by OpenRASP
at com.baidu.openrasp.HookHandler.handleBlock(HookHandler.java:285)
at com.baidu.openrasp.HookHandler.doRealCheckWithoutRequest(HookHandler.java:340)
at com.baidu.openrasp.HookHandler.doCheckWithoutRequest(HookHandler.java:363)
at com.baidu.openrasp.HookHandler.doCheck(HookHandler.java:374)
at com.baidu.openrasp.hook.server.catalina.CatalinaXssHook.getBufferFromByteArray(CatalinaXssHook.java:72)
at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java)
at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:442)
at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:359)
at org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:311)
at org.apache.catalina.connector.Response.finishResponse(Response.java:537)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:483)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

OpenRASP

Jun 4, 2019, 12:33:43 AM
to OpenRASP
Hi there,

We've resolved this issue in version 1.1, it should be out in a few days:

venkateswararao yeluru

Jun 4, 2019, 2:47:05 AM
to OpenRASP
Thank you.
