2

我刚刚在我的服务器日志中发现了一个似乎不是由使用我的Java EE7应用程序的员工触发的异常。这发生在Wildfly-8.1.0.Final安装上。
它说Exception handling request to /manager/html/upload: java.lang.IllegalStateException: UT000046: The number of cookies sent exceeded the maximum of 200,但日志说当时没有登录用户。此外,甚至不存在资源/manager/html/upload

我通过 注册了许多自动闯入尝试sshd,这是否也是由机器人试图暴力破解可能的后端引起的?

这会影响正常的应用程序使用吗?有没有办法防止此类错误?

这是完整的堆栈跟踪:

2014-11-27 14:55:10,655 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /manager/html/upload: java.lang.IllegalStateException: UT000046: The number of cookies sent exceeded the maximum of 200
    at io.undertow.util.Cookies.createCookie(Cookies.java:285) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.util.Cookies.parseCookie(Cookies.java:221) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:181) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange.getRequestCookies(HttpServerExchange.java:1003) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.session.SessionCookieConfig.findSessionId(SessionCookieConfig.java:83) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.SessionCookieConfigImpl.findSessionId(SessionCookieConfigImpl.java:58) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at org.wildfly.extension.undertow.session.CodecSessionConfig.findSessionId(CodecSessionConfig.java:56)
    at io.undertow.server.session.InMemorySessionManager.getSession(InMemorySessionManager.java:142) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:677) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:353) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at org.jboss.weld.servlet.SessionHolder.requestInitialized(SessionHolder.java:47) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at org.jboss.weld.servlet.HttpContextLifecycle.requestInitialized(HttpContextLifecycle.java:168) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at org.jboss.weld.servlet.WeldInitialListener.requestInitialized(WeldInitialListener.java:153) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at io.undertow.servlet.core.ApplicationListeners.requestInitialized(ApplicationListeners.java:216) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:239) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]

2014-11-27 14:55:10,663 ERROR [io.undertow.request] (default task-9) UT005022: Exception generating error page /errors/error.xhtml: java.lang.RuntimeException: java.lang.IllegalStateException: UT000046: The number of cookies sent exceeded the maximum of 200
    at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:408) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:319) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:263) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
Caused by: java.lang.IllegalStateException: UT000046: The number of cookies sent exceeded the maximum of 200
    at io.undertow.util.Cookies.createCookie(Cookies.java:285) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.util.Cookies.parseCookie(Cookies.java:221) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:181) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange.getRequestCookies(HttpServerExchange.java:1003) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.session.SessionCookieConfig.findSessionId(SessionCookieConfig.java:83) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.SessionCookieConfigImpl.findSessionId(SessionCookieConfigImpl.java:58) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at org.wildfly.extension.undertow.session.CodecSessionConfig.findSessionId(CodecSessionConfig.java:56)
    at io.undertow.server.session.InMemorySessionManager.getSession(InMemorySessionManager.java:142) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:677) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.getSession(HttpServletRequestImpl.java:353) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at org.omnifaces.filter.HttpFilter.doFilter(HttpFilter.java:76) [omnifaces-1.8.1.jar:1.8.1-20140603]
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:229) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:172) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:402) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    ... 10 more

2014-11-27 14:55:10,673 ERROR [io.undertow.servlet.request] (default task-9) UT015005: Error invoking method requestDestroyed on listener class org.jboss.weld.servlet.WeldInitialListener: java.lang.NullPointerException
    at org.jboss.weld.context.AbstractBoundContext.deactivate(AbstractBoundContext.java:71) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at org.jboss.weld.context.http.HttpRequestContextImpl.deactivate(HttpRequestContextImpl.java:70) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at org.jboss.weld.servlet.HttpContextLifecycle.requestDestroyed(HttpContextLifecycle.java:225) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at org.jboss.weld.servlet.WeldInitialListener.requestDestroyed(WeldInitialListener.java:136) [weld-core-impl-2.1.2.Final.jar:2014-01-09 09:23]
    at io.undertow.servlet.core.ApplicationListeners.requestDestroyed(ApplicationListeners.java:225) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:283) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]

2014-11-27 14:55:10,674 ERROR [io.undertow.request] (default task-9) Blocking request failed HttpServerExchange{ GET /errors/error.xhtml}: java.lang.IllegalStateException: UT000046: The number of cookies sent exceeded the maximum of 200
    at io.undertow.util.Cookies.createCookie(Cookies.java:285)
    at io.undertow.util.Cookies.parseCookie(Cookies.java:221)
    at io.undertow.util.Cookies.parseRequestCookies(Cookies.java:181)
    at io.undertow.server.HttpServerExchange.getRequestCookies(HttpServerExchange.java:1003)
    at io.undertow.server.session.SessionCookieConfig.findSessionId(SessionCookieConfig.java:83)
    at io.undertow.servlet.spec.SessionCookieConfigImpl.findSessionId(SessionCookieConfigImpl.java:58)
    at org.wildfly.extension.undertow.session.CodecSessionConfig.findSessionId(CodecSessionConfig.java:56)
    at io.undertow.server.session.InMemorySessionManager.getSession(InMemorySessionManager.java:142)
    at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:677)
    at io.undertow.servlet.spec.ServletContextImpl.getSession(ServletContextImpl.java:707)
    at io.undertow.servlet.spec.ServletContextImpl.updateSessionAccessTime(ServletContextImpl.java:711)
    at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:522)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:287)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
4

1 回答 1

2

再次重温这一点,我发现,这似乎确实是一种安全措施

起初我认为,undertow 不能在特定时间范围内只生成有限数量的 cookie,但事实并非如此。如果攻击者试图通过在请求中发送大量 cookie 来攻击您的 Web 服务器,则会引发此异常,这可能会导致缓冲区溢出。

这是源代码的一部分,我从那里得到这个想法,以防链接失效:

请求中的 Cookie 过多

详细说明

每个 HTTP 请求都可能包含 cookie。这些 cookie 包含发送请求的用户的附加属性,例如个性化信息、会话标识符等。由于 cookie 由服务器而不是客户端设置,因此每个应用程序的 cookie 数量通常是静态的。

这是什么意思?

在两种主要情况下,攻击者可能希望发送包含许多 cookie 的请求。一种情况是尝试发送大量 cookie 数据,这可能会导致解析机制失败。攻击者将注入额外 cookie 的另一种情况是试图欺骗依赖 cookie 数据的安全组件。

可能的攻击

与此违规相关的最有可能的攻击是针对 Web 服务器解析机制或针对处理 cookie 的应用程序的缓冲区溢出攻击。它还可能与各种拒绝服务攻击以及对安全机制的规避有关。

攻击检测

此违规的单个实例表明攻击者尝试发送包含过多 cookie 的请求。用户不会意外创建额外的 cookie。

检测误报

某些应用程序实际上可能会使用大量 cookie。这可能是通过 cookie 在客户端存储了许多变量的结果,或者是使用动态生成的 cookie 的结果,这些 cookie 在整个会话期间不断替换,而没有正确擦除过期的 cookie。

于 2016-05-30T09:23:25.517 回答