jserv wrapper error

2011.10.08
Credit: Daniel Delgado
Risk: Low
Local: No
Remote: No
CVE: CVE-2000-1247
CWE: N/A


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- Hello, I've a problem with the JServ engine. I'll try to explain my problem according with the rules: #1. What version of Apache JServ you are using JServ 1.1.2 jserv #2. What version of Apache you are using Apache 1.3.12 #3. What OS and OS version you are using SuSE Linux 6.4 #4. An exact description of what is going wrong (pretend that we are not there and we cannot see what you are doing). Include any useful log file output as well. I''ve installed the JServ package and I cannot see the "Mapped Servlet Engines" following the link in the "Apache JServ 1.1.2 Status" default Web Page (btw. the link for "Configured Host" works perfectly) In mod_jserv.log I can see these errors: [29/09/2000 10:45:36:621] (ERROR) wrapper: printing debugging information (command line, env) [29/09/2000 10:45:36:621] (ERROR) wrapper: argument[ 0] /usr/bin/java [29/09/2000 10:45:36:621] (ERROR) wrapper: argument[ 1] org.apache.jserv.JServ [29/09/2000 10jserv :45:36:621] (ERROR) wrapper: argument[ 2] /etc/httpd/conf/jserv/jserv.properties [29/09/2000 10:45:36:621] (ERROR) wrapper: environment[ 0] CLASSPATH=/usr/lib/apache/ApacheJServ.jar:/home/httpd/classes/servlet-2.0.jar [29/09/2000 10:45:36:621] (ERROR) wrapper: environment[ 1] PATH=/usr/lib/jdk1.1.7/bin:/bin:/usr/bin:/usr/local/bin [29/09/2000 10:47:14:300] (EMERGENCY) ajp12: can not connect to host 127.0.0.1:8007 [29/09/2000 10:47:14:300] (EMERGENCY) ajp12: connection fail [29/09/2000 10:47:14:301] (ERROR) an error returned handling request via protocol "ajpv12" [29/09/2000 10:47:14:301] (ERROR) an error returned handling request via protocol "status" [29/09/2000 10:47:41:510] (EMERGENCY) ajp12: can not connect to host 127.0.0.1:8007 [29/09/2000 10:47:41:511] (EMERGENCY) ajp12: connection fail [29/09/2000 10:47:41:511] (ERROR) an error returned handling request via protocol "ajpv12" [29/09/2000 10:47:41:511] (ERROR) an error returned handling request via protocol "status" I've readed the JServ FAQ one hundred times 8-(, and I've found nothing to resolve my problem What can I do? (thanks) Dani. #5. Your Apache JServ configuration in Apache jserv.conf ############################################################################### # Apache JServ Configuration File # ############################################################################### # Note: this file should be appended or included into your httpd.conf # Tell Apache on win32 to load the Apache JServ communication module #LoadModule jserv_module modules/ApacheModuleJServ.dll # Tell Apache on Unix to load the Apache JServ communication module # For shared object builds only!!! LoadModule jserv_module /usr/lib/apache/mod_jserv.so <IfModule mod_jserv.c> # Whether Apache must start Apache JServ or not (On=Manual Off=Autostart) # Syntax: ApJServManual [on/off] # Default: "Off" ApJServManual off # Properties filename for Apache JServ in Automatic Mode. # In manual mode this directive is ignored # Syntax: ApJServProperties [filename] # Default: "./conf/jserv.properties" ApJServProperties /etc/httpd/conf/jserv/jserv.properties # Log file for this module operation relative to Apache root directory. # Set the name of the trace/log file. To avoid possible confusion about # the location of this file, an absolute pathname is recommended. # # This log file is different than the log file that is in the # jserv.properties file. This is the log file for the C portion of Apache # JServ. # # On Unix, this file must have write permissions by the owner of the JVM # process. In other words, if you are running Apache JServ in manual mode # and Apache is running as user nobody, then the file must have its # permissions set so that that user can write to it. # Syntax: ApJServLogFile [filename] # Default: "./logs/mod_jserv.log" # Note: when set to "DISABLED", the log will be redirected to Apache error log ApJServLogFile /var/log/httpd/mod_jserv.log # Log Level for this module # Syntax: ApJServLogLevel [debug|info|notice|warn|error|crit|alert|emerg] # Default: info (unless compiled w/ JSERV_DEBUG, in which case it's debug) ApJServLogLevel notice # Protocol used by this host to connect to Apache JServ # (see documentation for more details on available protocols) # Syntax: ApJServDefaultProtocol [name] # Default: "ajpv12" ApJServDefaultProtocol ajpv12 # Default host on which Apache JServ is running # Syntax: ApJServDefaultHost [hostname] # Default: "localhost" #ApJServDefaultHost java.apache.org # Default port that Apache JServ is listening to # Syntax: ApJServDefaultPort [number] # Default: protocol-dependant (for ajpv12 protocol this is "8007") ApJServDefaultPort 8007 # The amount of time to give to the JVM to start up as well # as the amount of time to wait to ping the JVM to see if it # is alive. Slow or heavily loaded machines might want to # increase this value. # Default: 10 seconds # ApJServVMTimeout 10 # Passes parameter and value to specified protocol. # Syntax: ApJServProtocolParameter [name] [parameter] [value] # Default: NONE # Note: Currently no protocols handle this. Introduced for future protocols. # Apache JServ secret key file relative to Apache root directory. # Syntax: ApJServSecretKey [filename] # Default: "./conf/jserv.secret.key" # Warning: if authentication is DISABLED, everyone on this machine (not just # this module) may connect to your servlet engine and execute servlet # bypassing web server restrictions. See the documentation for more information ApJServSecretKey /etc/httpd/conf/jserv/jserv.secret.key #ApJServSecretKey DISABLED # Mount point for Servlet zones # (see documentation for more information on servlet zones) # Syntax: ApJServMount [name] [jserv-url] # Default: NONE # Note: [name] is the name of the Apache URI path to mount jserv-url on # [jserv-url] is something like "protocol://host:port/zone" # If protocol, host or port are not specified, the values from # "ApJServDefaultProtocol", "ApJServDefaultHost" or "ApJServDefaultPort" # will be used. # If zone is not specified, the zone name will be the first subdirectory of # the called servlet. # Example: "ApJServMount /servlets /myServlets" # if user requests "http://host/servlets/TestServlet" # the servlet "TestServlet" in zone "myServlets" on default host # thru default protocol on defaul port will be requested # Example: "ApJServMount /servlets ajpv12://localhost:8007" # if user requests "http://host/servlets/myServlets/TestServlet" # the servlet "TestServlet" in zone "myServlets" will be requested # Example: "ApJServMount /servlets ajpv12://jserv.mydomain.com:15643/myServlets" # if user requests "http://host/servlets/TestServlet" the servlet # "TestServlet" in zone "myServlets" on host "jserv.mydomain.com" using # "ajpv12" protocol on port "15643" will be executed ApJServMount /servlets /root ApJServMount /servlet /root # Whether <VirtualHost> inherits base host mount points or not # Syntax: ApJServMountCopy [on/off] # Default: "On" # Note: This directive is meaninful only when virtual hosts are being used ApJServMountCopy on # Executes a servlet passing filename with proper extension in PATH_TRANSLATED # property of servlet request. # Syntax: ApJServAction [extension] [servlet-uri] # Defaults: NONE # Notes: This is used for external tools. #ApJServAction .jsp /servlets/org.gjt.jsp.JSPServlet #ApJServAction .gsp /servlets/com.bitmechanic.gsp.GspServlet #ApJServAction .jhtml /servlets/org.apache.servlet.ssi.SSI #ApJServAction .xml /servlets/org.apache.cocoon.Cocoon # Enable the Apache JServ status handler with the URL of # "http://servername/jserv/" (note the trailing slash!) # Change the "deny" directive to restrict access to this status page. <Location /jserv/> SetHandler jserv-status order deny,allow deny from all allow from 127.0.0.1 </Location> ############################## W A R N I N G ################################## # Remember to disable or otherwise protect the execution of the Apache JServ # # Status Handler (see right above) on a production environment since this may # # give untrusted users the ability to obtain restricted information on your # # servlets and their initialization arguments such as JDBC passwords and # # other important information. The Apache JServ Status Handler should be # # accessible only by system administrators. # ############################################################################### </IfModule> -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: java-apache-users-on@list.working-dogs.com To unsubscribe: java-apache-users-off@list.working-dogs.com Search Archives: <http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/> Problems?: jon@working-dogs.com <b>[prev in list] [next in list] [<font color="#c0c0c0">prev in thread</font>] [<font color="#c0c0c0">next in thread</font>] </b> </pre> </pre><br><center> Configure | About | News | Donate | Addalist | Sponsors:10East,KoreLogic </center> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top