  1. Solder
  2. SOLDER-340

Memory Leak during DOS Attack using OWASP DirBuster

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 3.2.0.Final
    • Fix Version/s: None
    • Component/s: Servlet
    • Labels: None
    • Environment: ALL

    • Steps to Reproduce:

      I have attached a maven project for a simple WAR file that can reproduce it.

      Reproduction Instructions:

      1. Unzip the war and run "mvn clean package" to build the memoryleak.war.

      2. Deploy it in a JBoss AS 7.1.1.

      3. Download and run the OWASP DirBuster app.

      https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

      4. The DirBuster app comes with a file directory-list-2.3-medium.txt which is what we used to simulate the run. It attempts to just access random URLs under the main webapp. Attached is a screenshot of our exact settings.


      Description

      During performance testing of our application using OWASP DirBuster to simulate a DOS attack scanning for directories, it appears our EAP 6.0.1 leaked memory until the JVM locked up. Even after manually attempting a GC, the memory stays frozen and does not free up.

                People

                • Assignee: Unassigned
                • Reporter: Melloware Melloware Inc
                • Votes: 0
                • Watchers: 3
