WebApp Sec mailing list archives
RE: Errors displayed on a web server
From: "Miller, Joe" <joe.miller () us mizuho-sc com>
Date: Tue, 5 Jul 2005 13:55:49 -0400
A custom servlet is registered within the web.xml file to handle URLs that match the pattern that you are generating. It appears that the code that handles this request does not understand the pattern passed in, therefore throwing a Java exception within the doPost() and/or doGet() code of the servlet. It looks like the developer must add a try/except statement around the servlet code to catch URL patterns that are not of interest to the application and redirect the exception to an appropriate page.

Hope this helps.

-----Original Message-----
From: Daniel [mailto:deeper () gmail com]
Sent: Tuesday, July 05, 2005 11:33 AM
To: Bénoni MARTIN
Cc: webappsec () securityfocus com
Subject: Re: Errors displayed on a web server

Well, it's WebSphere for sure, and whatever you were doing with the URLs made it throw a hissy fit.

Was this just for nonexistent URLs or were you doing some fuzzing as well?

On 7/5/05, Bénoni MARTIN <Benoni.MARTIN () libertis ga> wrote:
Hi list,

I am currently performing a pen-test on a company's web server, and I found the following error display when testing some randomly generated URLs. It seems to be some Java code, but as I do not know this language, can anyone skilled in that tell me if this stuff can be useful for further attacks or not (the real company name has been hidden behind ****)?

<---------- // Snip ---------->

A recursive error was detected. The server cannot use specified error page. Please check the application error-path.

Original Error:
Error Message: File not found: //profile*
Error Code: 404
Target Servlet: File Serving Enabler
Error Stack:
--------------------------------------------------------------------------------
Root Error-1: File not found: //profile*
com.ibm.servlet.engine.webapp.WebAppErrorReport: File not found: //profile*
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at javax.servlet.ServletException.<init>(Compiled Code)
    at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
    at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
    at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
    at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
    at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
    at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)

Recursive Error:
Error Message: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
Error Code: 0
Target Servlet: null
Error Stack:
--------------------------------------------------------------------------------
Root Error-1: Requested path : /ga/profile* is not deliverd by this application !
javax.servlet.ServletException: Requested path : /ga/profile* is not deliverd by this application !
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at javax.servlet.ServletException.<init>(Compiled Code)
    at com.***********.fo.engine.Srv***********.doPost(Compiled Code)
    at com.***********.fo.engine.Srv***********.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
    at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
    at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
    at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
    at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
    at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
    at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
--------------------------------------------------------------------------------
Wrapped Error-2: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
com.ibm.servlet.engine.webapp.UncaughtServletException: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at javax.servlet.ServletException.<init>(Compiled Code)
    at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.UncaughtServletException.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.include(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
    at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
    at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
    at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
    at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
    at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
--------------------------------------------------------------------------------
Wrapped Error-3: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
com.ibm.servlet.engine.webapp.WebAppErrorReport: Server caught unhandled exception from servlet [Srv***********]: Requested path : /ga/profile* is not deliverd by this application !
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at javax.servlet.ServletException.<init>(Compiled Code)
    at com.ibm.websphere.servlet.error.ServletErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppErrorReport.<init>(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebApp.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppDispatcherResponse.sendError(Compiled Code)
    at com.ibm.servlet.engine.webapp.SimpleFileServlet.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictServletInstance.doService(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet._service(Compiled Code)
    at com.ibm.servlet.engine.webapp.IdleServletState.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.StrictLifecycleServlet.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstance.service(Compiled Code)
    at com.ibm.servlet.engine.webapp.ValidServletReferenceState.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.ServletInstanceReference.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.handleWebAppDispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.dispatch(Compiled Code)
    at com.ibm.servlet.engine.webapp.WebAppRequestDispatcher.forward(Compiled Code)
    at com.ibm.servlet.engine.srt.WebAppInvoker.handleInvocationHook(Compiled Code)
    at com.ibm.servlet.engine.invocation.CachedInvocation.handleInvocation(Compiled Code)
    at com.ibm.servlet.engine.srp.ServletRequestProcessor.dispatchByURI(Compiled Code)
    at com.ibm.servlet.engine.oselistener.OSEListenerDispatcher.service(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp$ServiceRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.SQEventListenerImp.notifySQEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQEventSource.notifyEvent(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.notifyService(Compiled Code)
    at com.ibm.servlet.engine.oselistener.serverqueue.SQWrapperEventSource$SelectRunnable.run(Compiled Code)
    at com.ibm.servlet.engine.oselistener.outofproc.OutOfProcThread$CtlRunnable.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)

<---------- Snip // ---------->
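One way to apply the advice in the reply above, as an added example that is not code from the thread or from the application under test. In the quoted trace the container's 404 handling is dispatched into the application's own servlet, whose doGet()/doPost() throws, which produces the "recursive error" page with full stack traces; the servlet below instead answers unknown paths itself and writes a generic body directly, so no second error dispatch is needed. The class name `FrontServlet`, the path list and the response wording are assumptions.

```java
import java.io.IOException;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, paths and response wording are assumptions.
public class FrontServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(FrontServlet.class.getName());
    // Constructed sample of the paths this application delivers.
    private static final Set<String> KNOWN_PATHS = Set.of("/profile", "/account");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        doPost(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String path = req.getPathInfo();
        try {
            if (path == null || !KNOWN_PATHS.contains(path)) {
                // Unknown URL pattern: a normal 404, not an exception.
                fail(resp, HttpServletResponse.SC_NOT_FOUND, "unknown path " + path, null);
                return;
            }
            resp.setContentType("text/plain;charset=UTF-8");
            resp.getWriter().println("Serving " + path);
        } catch (RuntimeException e) {
            fail(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "handler failed for " + path, e);
        }
    }

    // Logs the detail server-side; the client gets only a status code and a reference id.
    private void fail(HttpServletResponse resp, int status, String detail, Throwable cause)
            throws IOException {
        String ref = UUID.randomUUID().toString();
        // Strip CR/LF so a crafted path cannot forge extra log lines.
        LOG.log(Level.WARNING, "ref=" + ref + " " + detail.replaceAll("[\\r\\n]", "_"), cause);
        if (resp.isCommitted()) {
            return; // headers already sent; nothing safe left to change
        }
        resp.reset();
        resp.setStatus(status);
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Request could not be processed. Reference: " + ref);
    }
}
```

The reference id lets support staff find the full exception in the server log without any class name, package or container detail reaching the browser.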