[
https://issues.apache.org/jira/browse/AXIS2-5440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485583#comment-13485583
]
Ladislav Lencucha commented on AXIS2-5440:
------------------------------------------
Hi,
ok. So what now?
1. haven't tested with tcpmon, but in Chrome and Firefox debug console I
clearly see:
Request
URL:http://localhost:8080/SuiteConsoleServer/services/rest/getAgent?agent=0223938
Request Method:GET
2. I need to call the webservice from within web browser (as you can see using
jquery), do I have an option to force GET when you say it is in fact OPTION?
(note that I don't believe it is sending OPTION)
3. I don't have a problem with content type mapping - I was able to generate
request header with the same cpu consuming result as above that contains:
Accept:application/json, text/javascript, */*; q=0.01
4. Yes, I am and always was able to generate the xml file, if the content type
is e.g. application/xml. The only problem is with application/json where it
hangs (and therefore I think it is not a problem of GET vs OPTION), because it
is called within the same web browser with only different Accept header.
Anyway, I find it a very easy way for a potentiall attacker to deplete the cpu
and do some kind of dos easier.
Br,
Ladislav
> Tomcat using 100% CPU when application/json (JSONMessageFormatter) is used
> --------------------------------------------------------------------------
>
> Key: AXIS2-5440
> URL: https://issues.apache.org/jira/browse/AXIS2-5440
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.6.0, 1.6.2
> Environment: Apache Tomcat/6.0.35 1.6.0_21-b07 Sun
> Microsystems Inc. Windows 7 6.1 x86
> Reporter: Ladislav Lencucha
> Labels: JSON
> Attachments: axis2.xml, ConsoleServer.aar, ws.zip
>
>
> I am trying to connect to my webservice using GET + JSON.
> I've added JSONMessageFormatter and JSONOMBuilder for "application/json"
> content type.
> When I try to call the webservice using jQuery and HTTP GET with content type
> "application/xml" I receive the response almost immediately (note that there
> is a jQuery error raised afterwards, because Xml cannot be parsed as JSON).
> When I try to call the webservice using the same code but with content type
> "application/json" there is no response and Tomcat uses 100% of CPU (there
> are also some messages in log file mentioning that it should have ended).
> See my aar file and jQuery example attached. Also see my axis2.xml
> configuration.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
