Articles in the Security Category
Featured, Glassfish, Java, Security »
This is an old bug, first discovered in 2003, that has now been applied to the hash table functions of newer programming languages. The main idea behind the bug is to create hashes which collide, because collisions eat a lot more CPU cycles on your server. A POST of 2 MB results in 44 minutes of CPU time, which results in a DoS.
Glassfish, Java, Recovery, Security »
I should admit, I didn’t read the Glassfish 3.1 Administration Manual, and I don’t know if this is documented. Anyway, the main problem appeared when I tried to connect to my cluster instances with admin credentials. If I connect with VisualVM or JConsole to the Domain Administration Server (DAS) on 8686, I don’t have any problem. When I try to connect to my cluster instances on port 28686 with admin credentials I get from JConsole
…
Glassfish, Java, Security »
I switched all my Java Glassfish webservices to SSL, because I wanted to have encrypted communication between me and my clients. Until then, all my applications worked flawlessly over the HTTP protocol, but now, after switching to SSL, I got the following error:
Apache, Debian, Featured, Headline, How-to, Php, Security »
It’s been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create dynamic virtual hosting, and it worked without any problem for what we needed at that time. Back then we didn’t care about FTP and virtual users; the sites were updated from web pages, and security was pretty much handled by the upload application that managed the virtual hosting. Now the problem has changed a little: we need a secure server which should support FTP virtual users with quota …
Apache, Debian, Featured, Headline, How-to, Linux, Security, Shell »
Everyone with decent Linux security knowledge should know about ModSecurity – Open Source Web Application Firewall. Personally, I have known this mod since 2004, and it has helped me a lot in detecting and/or preventing malicious attacks before they reach my customers’ applications.






