Tomcat request hangs in ChunkedInputFilter.parseChunkHeader

Solution Verified - Updated 5 Aug 2024

Environment

Red Hat Enterprise Linux (RHEL) 7.x
JBoss Enterprise Web Server (EWS) 2.0.x
- Tomcat 7.0.x

Issue

We see requests on Tomcat hung in the ChunkedInputFilter.parseChunkHeader method:

"http-bio-8080-exec-4" daemon prio=10 tid=0x00007f1258013800 nid=0x7be8 runnable [0x00007f12508aa000]
   java.lang.Thread.State: RUNNABLE
	at org.apache.coyote.http11.filters.ChunkedInputFilter.parseChunkHeader(ChunkedInputFilter.java:354)
	at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:171)
	at org.apache.coyote.http11.AbstractInputBuffer.doRead(AbstractInputBuffer.java:346)
	at org.apache.coyote.Request.doRead(Request.java:422)
	at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:290)
	at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:449)
	at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:315)
	at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:167)

We try to deploy an application through the tomcat manager servlet, but it never completes

Resolution

Update to the latest RHEL tomcat package (tomcat-7.0.42-6.el7_0 and later provides the fix
Update to EWS 2.1.0 or later
Apply the CVE-2014-0075 patch to EWS 2.0.1

Root Cause

This is a symptom of CVE-2014-0075

SBR

Product(s)

Category

Troubleshoot

Tags

jboss
tomcat

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.