tracker issue : CF-3319611

select a category, or use search below
(searches all categories and all time range)
Title:

Jrun busy error from connector when tested against sql-injection-attacks

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Jörg Zimmer / Jörg Zimmer (Jörg Zimmer)

Created: 08/28/2012

Components: Security

Versions: 9.0.1

Failure Type: Non Functioning

Found In Build/Fixed In Build: 9.0.1 /

Priority/Frequency: Critical / Most users will encounter

Locale/System: English / Linux All

Vote Count: 0

Problem Description: We are under permanent security tests by whitehatsecurity. As they introduced additional sql-injection-test, we discovered JRUN busy errors from time to time in every running application for random users.

Steps to Reproduce: whitehatsec could not tell me which specific tests have been added.

Actual Result: JRUN busy error page for random user and random application

Expected Result: no error :)

Any Workarounds: Suspended tests by whitehatsec - this is no permanent solution.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3319611

External Customer Info:
External Company:  
External Customer Name: Joerg.Zimmer
External Customer Email:  
External Test Config: CF 9,0,1,274733

SLES 11

DB: PostgreSQL 9.1 and also MySQL 5.1

Attachments:

Comments:

This was submitted mid 2011 as you can see on this mirror: http://www.elliottsprehn.com/cfbugs/bugs/86980#
Comment by External U.
18266 | August 28, 2012 09:09:38 AM GMT
Can we have a repro case please ? The above details are insufficient to repro the vulnerability . Can you try to repro the Issue after applying the latest jrun hotfix ? The hofix contains few jrun fixes including one DOS fix for jrun . https://www.adobe.com/support/security/bulletins/apsb13-19.html (Comment added from ex-user id:yrr)
Comment by Adobe D.
18267 | October 07, 2013 11:49:55 PM GMT
Since there has been no response, closing the bug. If you still do face the issue, let us know, we would reopen the bug.
Comment by S P.
18268 | December 03, 2014 01:35:13 AM GMT