      Description

      It is possible to make a specially crafted URL that invokes Portlet Request looping.

      Example URL:

      https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view

      catalina.out:

      18:16:30,546 ERROR [PortletRequestProcessor:377] Remote address 127.0.0.1
      18:16:30,547 ERROR [PortletRequestProcessor:379] Invalid path was requested 1
      18:16:30,789 ERROR [RequestProcessor:676] Invalid path was requested 1
      18:16:30,790 ERROR [PortletRequestProcessor:374] User ID null
      18:16:30,791 ERROR [PortletRequestProcessor:375] Current URL /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:30,791 ERROR [PortletRequestProcessor:376] Referer https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:30,792 ERROR [PortletRequestProcessor:377] Remote address 127.0.0.1
      18:16:30,792 ERROR [PortletRequestProcessor:379] Invalid path was requested 1
      18:16:30,860 ERROR [RequestProcessor:676] Invalid path was requested 1
      18:16:30,861 ERROR [PortletRequestProcessor:374] User ID null
      18:16:30,862 ERROR [PortletRequestProcessor:375] Current URL /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:30,863 ERROR [PortletRequestProcessor:376] Referer https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:30,864 ERROR [PortletRequestProcessor:377] Remote address 127.0.0.1
      18:16:30,865 ERROR [PortletRequestProcessor:379] Invalid path was requested 1
      18:16:31,114 ERROR [RequestProcessor:676] Invalid path was requested 1
      18:16:31,115 ERROR [PortletRequestProcessor:374] User ID null
      18:16:31,116 ERROR [PortletRequestProcessor:375] Current URL /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:31,116 ERROR [PortletRequestProcessor:376] Referer https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:31,117 ERROR [PortletRequestProcessor:377] Remote address 127.0.0.1
      18:16:31,117 ERROR [PortletRequestProcessor:379] Invalid path was requested 1
      18:16:31,126 ERROR [RequestProcessor:676] Invalid path was requested 1
      18:16:31,128 ERROR [PortletRequestProcessor:374] User ID null
      18:16:31,128 ERROR [PortletRequestProcessor:375] Current URL /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:31,129 ERROR [PortletRequestProcessor:376] Referer https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:31,130 ERROR [PortletRequestProcessor:377] Remote address 127.0.0.1
      18:16:31,131 ERROR [PortletRequestProcessor:379] Invalid path was requested 1
      18:16:31,368 ERROR [RequestProcessor:676] Invalid path was requested 1
      18:16:31,369 ERROR [PortletRequestProcessor:374] User ID null
      18:16:31,370 ERROR [PortletRequestProcessor:375] Current URL /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view
      18:16:31,370 ERROR [PortletRequestProcessor:376] Referer https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view

      reverse apache log:

      89.173.52.13 - - [02/Nov/2009:19:19:17 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:17 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:17 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:17 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:17 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /c HTTP/1.1" 302 373 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"
      89.173.52.13 - - [02/Nov/2009:19:19:18 +0100] "GET /?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view HTTP/1.1" 404 890 "https://www.nethemba.com/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091028 Ubuntu/9.10 (karmic) Firefox/3.5.4"

      It seems to be a problem in the Portlet Request Processor.
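A way to spot this loop in the reverse proxy's access log, as an added example that is not part of the original report or of Liferay's code: it flags a client that keeps re-requesting the very URL named in its own Referer. The function names, the threshold and window values, the host `portal.example` and the client IP are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Apache "combined" line: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
                     r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')
# Query string as quoted in the report; host and client IP used below are constructed.
LOOP_URL = "/?p_p_state=maximized&p_p_lifecycle=1&p_p_id=77&_77_struts_action=1&p_p_mode=view"

def path_and_query(url):
    """Reduce an absolute or relative URL to path?query so both forms compare equal."""
    parts = urlsplit(url)
    return (parts.path or "/") + ("?" + parts.query if parts.query else "")

def find_request_loops(lines, threshold=3, window=timedelta(seconds=5)):
    """Return (ip, url, hits) where a client re-requested the very URL it was
    referred from at least `threshold` times inside one `window`."""
    self_hits = defaultdict(list)  # (ip, url) -> timestamps of self-referred requests
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["referer"] in ("", "-"):
            continue  # unparsable line, or no referer to compare against
        target = path_and_query(m["target"])
        if target != path_and_query(m["referer"]):
            continue  # ordinary navigation from one page to another
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        self_hits[(m["ip"], target)].append(ts)
    findings = []
    for (ip, url), stamps in self_hits.items():
        stamps.sort()
        best = start = 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append((ip, url, best))
    return findings

def sample_log(rounds=4, ip="192.0.2.10", host="https://portal.example"):
    """Constructed lines mirroring the reported /c 302 -> crafted URL 404 cycle."""
    fmt = '{} - - [02/Nov/2009:19:19:{:02d} +0100] "GET {} HTTP/1.1" {} 373 "{}" "Mozilla/5.0"'
    return [fmt.format(ip, 17 + i // 2, target, status, host + LOOP_URL)
            for i in range(rounds) for target, status in (("/c", 302), (LOOP_URL, 404))]

if __name__ == "__main__":
    for finding in find_request_loops(sample_log()):
        print(finding)
```

The threshold keeps a single manual page reload, which also sends the page's own URL as Referer, from being reported.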

        Activity

        Cynthia Wilburn (Inactive) added a comment -

        This ticket is being closed as inactive due to the date of the last activity on it and a need for a current affected version. If you believe this was done in error, please create a new issue and confirm that it is reproducible in the current 6 CE GA release.

        In recent months Liferay has received a significant number of anomaly reports, many of which are really requests for help. Because of this fact, the real bug reports are no longer easily identifiable. To remedy this problem we need your assistance. We will be working towards closing open tickets that meet specific criteria and ask you to create a new issue for those that are truly bug reports. We'll be monitoring those tickets so that they are properly managed.

        Thank you,
        The Liferay Team
        ICS120109

        Nilesh Gundecha added a comment -

        Hi Friend,

        I am using Liferay 6.1.1 GA2 CE and facing a very similar issue to the one above. This started all of a sudden after a bunch of folks tried an XSS attack. Can you please suggest what I should look into?

        Nilesh

        Pavol Luptak added a comment -

        I think the problem was fixed when I updated my Liferay to 6.1 CE GA3, but I still have this problem https://issues.liferay.com/browse/LPS-42362, so I cannot update it to Liferay 6.2.
