Bug#851304: tomcat8 use 100% cpu time - confirmation
Kai Moritz
kai at juplo.de
Mon Jan 23 11:33:24 UTC 2017
Dear Maintainer,
I can confirm the observations of RickLinux.
I have observed the exact same behaviour on several debian-hosts, that
are running Jessie with the version 8.0.14-1+deb8u6 of the
tomcat-packages (and also u4 and u5).
In my case, the effect is triggered by scans, that hit the servers that
I am administering at random. Each scan can be seen in the LOG-files
with an entry like:
62.210.246.66 - - [18/Jan/2017:16:20:16 +0100] "-" 400 -
Each hit leads to one cpu hogging 100%. Hence, if the machine has only
one cpu, one hit leads to an DOS, if it has for example 8 cpu's, 8 hits
are needed.
At first glance, I thought, that the scans are running a specialized
DOS-attack. But after I read the bug-report of RickLinux I produced the
exact same behaviour with an https-GET on the port, where tomcat is
listening for http-connections.
Like RickLinux I also tested a vanilla 8.0.14 Tomcat and found, that it
does not show this behavior.
Kind Regards
Kai Moritz
--
juplo
Inhaber: Kai Moritz
Tel: +49 (0)176 20 50 47 47
kai at juplo.de
http://juplo.de
More information about the pkg-java-maintainers
mailing list