
Tommy Griffith

Ranch Hand
since Aug 03, 2010

Recent posts by Tommy Griffith

In summary, localhost should display every single request, while catalina displays some exceptions which may be triggered by some of the requests.

localhost has everything to trace the requests...?
10 hours ago
Ok, thanks. I read up on activating valves within server.xml... activating the logging valve produces...

localhost_access_log.yyy-mm-dd.txt

which is already happening. I'm not sure if it is via default (Tomcat 9). I might have gone down this road before and activated the valve when I installed, I can't remember.

Anyway, I now understand the difference/purpose between


catalina.yyy-mm-dd.log

and

localhost_access_log.yyy-mm-dd.txt


So if I try to "line up" the weird error times in catalina with the IP and request times in localhost_access, they almost align. All requests are coming from that same IP referenced earlier. So they seem to point to that internal vulnerability software.

1. There are a bunch of invalid message received errors logged in catalina between 2:23 and 2:28. However, localhost starts logging GETs between 2:26 and 2:43.

2. Another set from the same IP appears in both logs at 2:56, those seem to sync almost perfectly.

Since all this junk happens within the same half hour every day, I'm sure it's the same internal source. However, could those time differences be normal, attributable to, I don't know, processing times within Tomcat and network? Thank you.


1 day ago
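The "lining up" of catalina errors against access-log requests described in the post above can be scripted. This is an added example, not part of the original posts: the sample log lines are constructed (documentation IP addresses, shortened messages), and it assumes catalina.log timestamps use the same UTC offset as the access log.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Access-log layout as shown on this page: host - - [time] "request" status bytes
ACCESS_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')
# First line of a catalina.log record: date, level, [thread], message
CATALINA_RE = re.compile(
    r'^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>[A-Z]+) '
    r'\[(?P<thread>[^\]]+)\] (?P<msg>.*)$')
CONTEXT_RE = re.compile(r'context with path \[([^\]]*)\]')


def parse_access(lines):
    """Return (timestamp, host, request line, status) for each parsable line."""
    out = []
    for line in lines:
        m = ACCESS_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            out.append((ts, m["host"], m["req"], int(m["status"])))
    return out


def parse_catalina(lines, tz, levels=("SEVERE", "WARNING")):
    """Return (timestamp, thread, context path or None) for each record header.

    catalina.log timestamps carry no UTC offset, so `tz` is applied (assumption).
    Stack-trace continuation lines do not match CATALINA_RE and are skipped.
    """
    out = []
    for line in lines:
        m = CATALINA_RE.match(line.strip())
        if m and m["level"] in levels:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f").replace(tzinfo=tz)
            ctx = CONTEXT_RE.search(m["msg"])
            out.append((ts, m["thread"], ctx.group(1) if ctx else None))
    return out


def request_path(request_line):
    """Extract the URL from 'METHOD url PROTOCOL'; tolerate malformed lines."""
    parts = request_line.split(" ")
    return parts[1] if len(parts) >= 2 else ""


def correlate(events, requests, window_s=5):
    """For each catalina event, list access-log requests within +/- window_s,
    nearest first. The access log has one-second resolution, so the window
    must be at least a second. If the event names a context path, requests
    under that path are preferred over everything else in the window."""
    window = timedelta(seconds=window_s)
    result = []
    for ev_ts, thread, ctx in events:
        near = [r for r in requests if abs(r[0] - ev_ts) <= window]
        if ctx:
            under_ctx = [r for r in near if request_path(r[2]).startswith(ctx + "/")]
            near = under_ctx or near
        near.sort(key=lambda r: abs(r[0] - ev_ts))
        result.append((ev_ts, thread, near))
    return result


def source_hosts(correlated):
    """Count, per client address, how many events it is the nearest match for."""
    return Counter(near[0][1] for _, _, near in correlated if near)


# Constructed sample data (not taken from a real server).
SAMPLE_ACCESS = """\
192.0.2.10 - - [29/Oct/2019:02:35:36 -0400] "GET / HTTP/1.1" 200 11450
192.0.2.10 - - [29/Oct/2019:02:35:37 -0400] "GET /examples/jsp/source.jsp?/jsp/ HTTP/1.1" 500 2210
198.51.100.7 - - [29/Oct/2019:02:35:38 -0400] "GET /app/status HTTP/1.1" 200 512
192.0.2.10 - - [29/Oct/2019:02:35:41 -0400] "GET /examples/jsp/source.jsp HTTP/1.1" 500 2300
192.0.2.10 - - [29/Oct/2019:02:50:00 -0400] "GET /login.php HTTP/1.1" 404 1082
"""
SAMPLE_CATALINA = """\
29-Oct-2019 02:35:37.478 SEVERE [http-nio-8080-exec-10] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [jsp] in context with path [/examples] threw exception
javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/
at examples.ShowSource.doEndTag(ShowSource.java:46)
29-Oct-2019 02:35:40.932 INFO [http-nio-8080-exec-6] org.apache.catalina.core.ApplicationContext.log SessionListener: sessionCreated
29-Oct-2019 02:35:40.932 SEVERE [http-nio-8080-exec-6] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [jsp] in context with path [/examples] threw exception
"""

if __name__ == "__main__":
    reqs = parse_access(SAMPLE_ACCESS.splitlines())
    events = parse_catalina(SAMPLE_CATALINA.splitlines(), reqs[0][0].tzinfo)
    for ev_ts, thread, near in correlate(events, reqs):
        print(ev_ts.isoformat(), thread)
        for ts, host, req, status in near:
            print(f"    {host} {status} {req!r} ({(ts - ev_ts).total_seconds():+.3f}s)")
    print(dict(source_hosts(correlate(events, reqs))))
```
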
Thank you. I renamed them but I will delete them altogether. I'd really like to find out what is trying to access it. I don't know if it's related to the vulnerability software, because it is only on the development server. I guess the only way to know would be anti-virus, nothing can be captured in the Tomcat log, right?

javax.servlet.jsp.JspTagException: Invalid JSP file ?
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

javax.servlet.jsp.JspTagException: Invalid JSP file %2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

1 week ago
Hello. Thanks so much for your assistance. They just told me the IP is for their Tenable Nessus vulnerability scanner, so I guess it looks like they're testing vulnerabilities with all those GETs.

What I'm still concerned about is the thing going into the examples folder. Renaming it seems to make it go away but I don't like that something is in there. I was told McAfee is full on with the server and I just don't get how any malware could be injected in some innocuous dev server behind a firewall/vpn/etc. Those log entries have no origin IP and I don't know if it could be some sort of other vulnerability scan.

I have seen quicker performance after renaming the examples folder.

1 week ago
Thanks so much. The server admin renamed examples and that exception did go away. I'm still worried about that dead cookie thing, I think that is somehow related to all this.

I know this is long but I'm seeing this weird set of lines in the log, maybe a glimpse will indicate something, like is this some sort of hack attempt?...all the GETs, 200 and 404s?...

Actually, I see Lotus Notes files in there, this thing is scrolling the file directories it looks like. Now that I've gone back, I see these types of entries since the install...maybe I'm being paranoid over the cookie and the thing using examples.

The 111.11.11.111 is a fake IP I put in there...

111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET //perl.exe?-v HTTP/1.1" 404 1086
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:53 -0500] "GET /login?redirects=10 HTTP/1.1" 404 1078
111.11.11.111 - - [07/Nov/2019:02:30:54 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:54 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1494107155 HTTP/1.1" 404 1087
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet991665113. HTTP/1.1" 404 1087
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet2041817301.asp HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet664732588.aspx HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet600815077.html HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet363404008.htm HTTP/1.1" 404 1090
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1016239117.shtm HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1577129873.shtml HTTP/1.1" 404 1093
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1456605888.jsp HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1040198048.jspx HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1976071744.php HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet715448670.php3 HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet570167550.php4 HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1687952712.php5 HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet1643283870.php6 HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:55 -0500] "GET /niet379062877.cfm HTTP/1.1" 404 1090
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /cgi-bin/com5.pl HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /forum.php HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:56 -0500] "GET /header.php HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /login.php HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /pluto/portal/ HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /sitemap.xml HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /sitemap/sitemap.xml HTTP/1.1" 404 1096
111.11.11.111 - - [07/Nov/2019:02:30:57 -0500] "GET /map/sitemap.xml HTTP/1.1" 404 1092
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /account.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /accounts.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /admin4.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /agentrunner.nsf HTTP/1.1" 404 1088
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /AgentRunner.nsf HTTP/1.1" 404 1088
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /archive/a_domlog.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /archive/l_domlog.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /bookmark.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /books.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /busytime.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /calendar.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /catalog.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /cersvr.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /certlog.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /certsrv.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /collect4.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /cpa.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /database.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /db.nsf HTTP/1.1" 404 1079
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /dbdirman.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /decsadm.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /default.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /doladmin.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domcfg.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domguide.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domino.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /domlog.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /events4.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /group.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /groups.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /hidden.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /iNotes/Forms5.nsf HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /lccon.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /ldap.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /lndfr.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /log.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /loga4.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mab.nsf HTTP/1.1" 404 1080
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mail.box HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mail/admin.nsf HTTP/1.1" 404 1091
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mailw46.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:02 -0500] "GET /mtabtbls.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /name.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /names.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /nntppost.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /notes.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /ntsync4.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /private.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /products.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /proghelp/KBCCV11.nsf HTTP/1.1" 404 1097
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /public.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /qstart.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /quickstart/qstart50.nsf HTTP/1.1" 404 1100
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /quickstart/wwsample.nsf HTTP/1.1" 404 1100
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /reports.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /sample/faqw46.nsf HTTP/1.1" 404 1094
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /sample/framew46.nsf HTTP/1.1" 404 1096
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /secret.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /secure.nsf HTTP/1.1" 404 1083
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /setup.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtpibwq.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtpobwq.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /smtptbls.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /software.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statmail.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statrep.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /statsrep.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /stats675.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /user.nsf HTTP/1.1" 404 1081
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /users.nsf HTTP/1.1" 404 1082
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /webadmin.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /welcome.nsf HTTP/1.1" 404 1084
111.11.11.111 - - [07/Nov/2019:02:31:03 -0500] "GET /zmevladm.nsf HTTP/1.1" 404 1085
111.11.11.111 - - [07/Nov/2019:02:31:06 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:06 -0500] "GET null null" 400 -
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET /portal/page/portal/Design_Time_PG/Welcome HTTP/1.1" 404 1130
111.11.11.111 - - [07/Nov/2019:02:31:07 -0500] "GET /page/portal/Design_Time_PG/Welcome HTTP/1.1" 404 1119
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET / HTTP/1.1" 200 11450
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1129
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1133
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV1_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV2_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV3_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV4_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV5_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV6_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV7_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV8_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134
111.11.11.111 - - [07/Nov/2019:02:31:08 -0500] "GET /portal/portal/DEV9_PORTAL_DEMO.ORG_CHART.SHOW HTTP/1.1" 404 1134

1 week ago
Ugh, the original JSP parsing errors returned.

I have Tomcat 9.0.11 running as the service and a couple of older Tomcats sitting unstarted as services. Those shouldn't be exploited, right?

Maybe remove examples folder or will that cause an issue?

I asked the server people about running anti-malware and check disk, but I'm afraid this might cause a big ruckus over Tomcat security...
2 weeks ago
I think NetWare has the "ncf" extension, Notes databases are "nsf".

While going through the Tomcat 9 logs working on this, I noticed these two apparently "random" exceptions. This is from the backup prod server so there weren't any manual http requests that I am aware of (first issue below) and the war apps don't use cookies (second issue)...

I saw a guy on Stack Overflow with the same exceptions post-upgrade to Tomcat 9 so I lifted his below. I see the same exact two exceptions...

It's weird as the servlets seem to be working ok and no request was made on this server, at least by an end user. I've read where the first exception might have to do with [] or {} in the request URL but the log doesn't reveal any URLs.


First issue:

30-Sep-2019 20:40:04.146 INFO [http-nio-8009-exec-24] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:415)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:292)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

Second issue:

02-Oct-2019 03:08:29.694 INFO [https-jsse-nio2-8443-exec-23] org.apache.tomcat.util.http.parser.Cookie.logInvalidHeader A cookie header was received [::7907=pub_site.1569985617; ezoab_7907=mod1; ezoref_7907=; ezoadgid_7907=-1] that contained an invalid cookie. That cookie will be ignored. Note: further occurrences of this error will be logged at DEBUG level.
3 weeks ago
Thank you so much. The open port is a great point for older Tomcat. Could it be a security risk to have JVM 5 sitting out on the server, with its own java.exe?

It apparently turned out, for whatever reason, to be something with a temporary backup of three Lotus Notes databases. The resource usage went really high on the server and when I removed the backups, it seemed stable again.
3 weeks ago
Would the following two also point to malware?...

javax.servlet.jsp.JspTagException: Invalid JSP file ?
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)

This is like a one guy development server inside secure firewall with vpn only access.

There are early versions of JVM and Tomcat 5 folders still sitting on the machine although Tomcat 9 is currently running on JVM 9. Could those early versions be the issue? Could I just manually remove/delete the file folders for Tomcat 5 and the old JVMs?

thank you.
3 weeks ago
Hi, this is the full trace... the ncf line in red is interesting. I think the server was upgraded to Windows 12 a few weeks ago but it seemed to be working. I noticed a slow down in performance but today, it is toast with these errors...


29-Oct-2019 02:35:37.478 SEVERE [http-nio-8080-exec-10] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [jsp] in context with path [/examples] threw exception [An exception occurred processing [jsp/source.jsp] at line [21]

Unable to display JSP extract. Probably due to an XML parser bug (see Tomcat bug 48498 for details).

Stacktrace:] with root cause
javax.servlet.jsp.JspTagException: Invalid JSP file ?
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:444)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:501)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)

29-Oct-2019 02:35:37.478 INFO [http-nio-8080-exec-3] org.apache.catalina.core.ApplicationContext.log SessionListener: sessionCreated('435D932218B26836BC2E32780AC302C5')
29-Oct-2019 02:35:37.478 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [jsp] in context with path [/examples] threw exception [An exception occurred processing [jsp/source.jsp] at line [21]

Unable to display JSP extract. Probably due to an XML parser bug (see Tomcat bug 48498 for details).

Stacktrace:] with root cause
javax.servlet.jsp.JspTagException: Invalid JSP file /jsp/
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:444)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:501)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)

29-Oct-2019 02:35:40.932 INFO [http-nio-8080-exec-6] org.apache.catalina.core.ApplicationContext.log SessionListener: sessionCreated('3C37EBC4CD1AA9C037B9BDA83758C063')
29-Oct-2019 02:35:40.932 SEVERE [http-nio-8080-exec-6] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [jsp] in context with path [/examples] threw exception [An exception occurred processing [jsp/source.jsp] at line [21]

Unable to display JSP extract. Probably due to an XML parser bug (see Tomcat bug 48498 for details).

Stacktrace:] with root cause
javax.servlet.jsp.JspTagException: Invalid JSP file %2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf
at examples.ShowSource.doEndTag(ShowSource.java:46)
at org.apache.jsp.jsp.source_jsp._jspService(source_jsp.java:130)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:444)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:386)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:330)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:501)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:844)
3 weeks ago
Hello. Out of the blue, I received the following error...

...with root cause javax.servlet.jsp.JspTagException: Invalid JSP file ? at examples.ShowSource.doEndTag....

Would anybody know why this showed up all of a sudden? I changed nothing with Tomcat nor the JVM. Thank you so much for reading.
3 weeks ago
Thank you, Tim, I tried to put javaee-api-8.0.jar into the app, redeployed, and still getting the same java.lang.NoClassDefFoundError: org/omg/CORBA/UserException

I'm beginning to wonder if it's even bundled in this jar. This is really frustrating.
1 year ago
I should qualify my statement. One of the apps I did find the source code and I had to revamp some of the classes to work with Oracle cursors (previously it integrated with SQL Server). The second app, I suspect, is closely related in source code but that was lost way back when a server died suddenly. So I could get the second going based on the first source code, I think.

Nevertheless, they are going to move these apps, just as likely non-Java, so I can't be funded to re-do these two apps at this stage. They aren't major, they integrate Oracle and Lotus Domino data.

I suspect there is a straightforward way to move that API into either Tomcat or the JRE.

I've tried putting javaee-api-8.0.jar into Tomcat lib as well as both the JDK/JRE 9 lib folders but it doesn't see anything.

1 year ago
Hi, Tim. Thank you. Yes, these are two web apps which I am trying to keep running as the plan is to replace them. I inherited the project and recently upgraded from Tomcat 5 and JDK 5 to 9 and 8 respectively. I had to work through several configuration changes and issues but they are running. The other rub is I do not have the source code for these. So I need to keep them running at the highest levels of Tomcat/JDK possible until replacement.

So, if possible, I am hoping backward compatible these in Java 9.
1 year ago
Hi, I found a javaee-api jar at...

https://mvnrepository.com/artifact/javax/javaee-api/8.0

Dumped it into the Tomcat lib, restarted.

However, still receiving...

java.lang.NoClassDefFoundError: org/omg/CORBA/UserException

So I'm kind of where this started. If anybody has any thoughts, I would appreciate them. Thank you.
1 year ago