Hi,

Some people are trying to connect to my guacamole instance using tunnel?write=null. I found this in several log reports with the status code 500 in the last week. I suppose these are scanning scripts, maybe looking for some vulnerabilities (?); it seemed strange to me. If it was a 4xx status code like a bad request I would have ignored it, but a 500 seemed like a server problem, hence the report.

Other than this my guacamole instance is working, and yes, you're right, I know I have to upgrade it asap to the latest version.

Regards
-Fed

On Wed, 27 Mar 2024 at 19:10, Nick Couchman <vn...@apache.org> wrote:

> On Wed, Mar 27, 2024 at 2:01 PM fed <res...@gmail.com> wrote:
>
>> Hi,
>>
>> As I wrote in the object I am running an old version, 1.3.0. I just want
>> to report this problem that I found from some requests in the logs. Sorry, I
>> don't know if it is a false problem or if it was resolved in a newer
>> version.
>>
>> What I found is a request to guacamole_endpoint/tunnel?write:null, this
>> will generate a:
>>
>> HTTP Status 500 – Internal Server Error
>> Type Exception Report
>> Message String index out of range: 42
>> Description The server encountered an unexpected condition that prevented it
>> from fulfilling the request.
>> Exception
>> java.lang.StringIndexOutOfBoundsException: String index out of range: 42
>> java.lang.String.substring(String.java:1963)
>> org.apache.guacamole.servlet.GuacamoleHTTPTunnelServlet.handleTunnelRequest(GuacamoleHTTPTunnelServlet.java:251)
>> org.apache.guacamole.servlet.GuacamoleHTTPTunnelServlet.doGet(GuacamoleHTTPTunnelServlet.java:137)
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:626)
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
>> com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
>> com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
>> com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
>> com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
>> com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
>> com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
>> Note The full stack trace of the root cause is available in the server logs.
>>
>> Thanks for the help.
>>
>
> Can you elaborate on what the problem is - how and when you encounter it -
> and what you're expecting to get help with? It seems like writing "null" to
> the tunnel endpoint is not something that one would normally do? Is there
> some situation you're encountering where you expect this to happen, and
> expect a different result?
>
> Regarding the older version, I'd certainly encourage you to try out one of
> the newer versions and see if it still exists - if it does turn out to be a
> bug, either in 1.3.0 or in all versions, it would be fixed in a newer
> release - we will not go back and patch 1.3.0.
>
> -Nick
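
Added example, not part of the thread and not the Guacamole source: the index 42 in the trace equals a 6-character "write:" prefix plus a 36-character UUID, so this sketch assumes the handler slices a fixed-length tunnel identifier out of the query string, and shows that slice with and without a length check. The class, method and constant names and the sample UUID are hypothetical.

```java
import java.util.Optional;

public class TunnelQueryCheck {

    // Assumed query layout: "write:" followed by a 36-character tunnel UUID.
    static final String WRITE_PREFIX = "write:";
    static final int UUID_LENGTH = 36;

    // Unchecked slice: a short query such as "write:null" makes substring()
    // throw StringIndexOutOfBoundsException, which a servlet container
    // reports as HTTP 500 if nothing catches it.
    static String tunnelIdUnchecked(String query) {
        int start = WRITE_PREFIX.length();
        return query.substring(start, start + UUID_LENGTH);
    }

    // Checked slice: an empty result tells the caller to answer
    // 400 Bad Request instead of letting the exception escape.
    static Optional<String> tunnelIdChecked(String query) {
        int start = WRITE_PREFIX.length();
        int end = start + UUID_LENGTH;
        if (query == null || !query.startsWith(WRITE_PREFIX) || query.length() < end)
            return Optional.empty();
        return Optional.of(query.substring(start, end));
    }

    public static void main(String[] args) {
        // Constructed sample queries; the UUID is made up for this example.
        String[] samples = {
            "write:null",
            "write:123e4567-e89b-12d3-a456-426614174000",
            "write:123e4567-e89b-12d3-a456-426614174000:extra"
        };
        for (String q : samples) {
            String unchecked;
            try {
                unchecked = "ok " + tunnelIdUnchecked(q);
            } catch (StringIndexOutOfBoundsException e) {
                unchecked = "500 (" + e.getMessage() + ")";
            }
            String checked = tunnelIdChecked(q).map(id -> "ok " + id).orElse("400");
            System.out.println(q + " -> unchecked: " + unchecked + ", checked: " + checked);
        }
    }
}
```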