[seam-issues] [JBoss JIRA] (SOLDER-340) Memory Leak during DOS Attack using OWASP DirBuster

Melloware Inc (JIRA) jira-events at lists.jboss.org
Tue Feb 26 11:03:16 EST 2013

    [ https://issues.jboss.org/browse/SOLDER-340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756856#comment-12756856 ] 

Melloware Inc commented on SOLDER-340:

It is not @ViewScoped issue.  What is happening is that Solder's ServletEventBridgeListener is creating events which contain non-constant qualifiers (using the HTTP method and path), and that is causing a cache to increase in size without limit.
> Memory Leak during DOS Attack using OWASP DirBuster
> ---------------------------------------------------
>                 Key: SOLDER-340
>                 URL: https://issues.jboss.org/browse/SOLDER-340
>             Project: Solder
>          Issue Type: Bug
>          Components: Servlet
>    Affects Versions: 3.2.0.Final
>         Environment: ALL
>            Reporter: Melloware Inc
>            Priority: Critical
>         Attachments: memoryleak.zip
> During performance testing of our application using OWASP DirBuster to simulate a DOS attack scanning for directories it appears our EAP 6.0.1 leaked memory until the JVM Locked up.   Even after manually attempting a GC the memory stays frozen and does not free up.  

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list