[seam-issues] [JBoss JIRA] (SOLDER-340) Memory Leak during DOS Attack using OWASP DirBuster

Melloware Inc (JIRA) jira-events at lists.jboss.org
Tue Feb 26 10:40:56 EST 2013


     [ https://issues.jboss.org/browse/SOLDER-340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Melloware Inc updated SOLDER-340:
---------------------------------

    Steps to Reproduce: 
I have attached a maven project for a simple WAR file that can reproduce it.  

Reproduction Instructions:

1. Unzip the war and run "mvn clean package" to build the memoryleak.war.

2. Deploy it in a JBoss AS 7.1.1.

3. Download and run the OWASP DirBuster app.

https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

4. The DirBuster app comes with a file directory-list-2.3-medium.txt which is what we used to simulate the run. It attempts to just access random URLs under the main webapp. Attached is a screenshot of our exact settings.

  was:
I have attached a maven project for a simple WAR file that can reproduce it.  

Reproduction Instructions:

1. Unzip the war and run "mvn clean package" to build the memoryleak.war.

2. Deploy it in a JBoss EAP 6.

3. Download and run the OWASP DirBuster app.

https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

4. The DirBuster app comes with a file directory-list-2.3-medium.txt which is what we used to simulate the run. It attempts to just access random URLs under the main webapp. Attached is a screenshot of our exact settings.


    
> Memory Leak during DOS Attack using OWASP DirBuster
> ---------------------------------------------------
>
>                 Key: SOLDER-340
>                 URL: https://issues.jboss.org/browse/SOLDER-340
>             Project: Solder
>          Issue Type: Bug
>          Components: Servlet
>    Affects Versions: 3.2.0.Final
>         Environment: ALL
>            Reporter: Melloware Inc
>            Priority: Critical
>         Attachments: memoryleak.zip
>
>
> During performance testing of our application using OWASP DirBuster to simulate a DOS attack scanning for directories, it appears our EAP 6.0.1 leaked memory until the JVM locked up. Even after manually attempting a GC, the memory stays frozen and does not free up.
