tracker issue : CF-4198853

Problem Description: McAffee scanner scans our sites for vulnerabilities. Our servers begin having high cpu usage by coldfusion.exe. Up to 90% of cpu usage allocated to coldfusion.exe. Inspecting coldfusion-error.log files we have discovered org.eclipse.jetty.http.HttpParser$IllegalCharacterExceptions that correlate with spikes in high CPU usage. The last spike in CPU usage began at the same time as the the error listed in Actual Result: below. 

We have been trying to diagnose this issue that began after we updated to ColdFusion 2016 and so far this is the only correlation we have been able to find. 

Researching this error I found the following artilcle. https://stackoverflow.com/questions/25625410/jetty-9-warning-badmessage-400-illegal-character

Steps to Reproduce: We have restarted the servers to get CPU usage reset to 10-20% levels only to find them increasing again during these scans where these errors begin to occur.

Actual Result:
Jun 10, 2017 2:12:15 AM org.eclipse.jetty.http.HttpParser$IllegalCharacterException <init>
WARNING: Illegal character 0x16 in state=START for buffer HeapByteBuffer@9b02c99[p=1,l=247,c=8192,r=246]={\x16<<<\x03\x01\x00\xF2\x01\x00\x00\xEe\x03\x01\xC9 \xB12\x180\xD9...\x00\x0c\x00\t\x00\n\x00#\x00\x00\x00\x0f\x00\x01\x01>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}

Expected Result:

Any Workarounds: None I am aware of other than restarting the Cold Fusion Application service

Attachments:

1. June 12, 2017 00:00:00: Screen Shot 2017-06-12 at 9.01.32 AM.png

Comments: