[seam-issues] [JBoss JIRA] (SOLDER-340) Memory Leak during DOS Attack using OWASP DirBuster
Melloware Inc (JIRA)
jira-events at lists.jboss.org
Tue Feb 26 11:03:16 EST 2013
[ https://issues.jboss.org/browse/SOLDER-340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756856#comment-12756856 ]
Melloware Inc commented on SOLDER-340:
--------------------------------------
It is not @ViewScoped issue. What is happening is that Solder's ServletEventBridgeListener is creating events which contain non-constant qualifiers (using the HTTP method and path), and that is causing a cache to increase in size without limit.
> Memory Leak during DOS Attack using OWASP DirBuster
> ---------------------------------------------------
>
> Key: SOLDER-340
> URL: https://issues.jboss.org/browse/SOLDER-340
> Project: Solder
> Issue Type: Bug
> Components: Servlet
> Affects Versions: 3.2.0.Final
> Environment: ALL
> Reporter: Melloware Inc
> Priority: Critical
> Attachments: memoryleak.zip
>
>
> During performance testing of our application using OWASP DirBuster to simulate a DOS attack scanning for directories it appears our EAP 6.0.1 leaked memory until the JVM Locked up. Even after manually attempting a GC the memory stays frozen and does not free up.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list