Bug 60745

Summary: False positive: Somebody try to hack into the site!!!
Product: Tomcat Connectors Reporter: Arild Røkenes <arild.rokenes>
Component: isapiAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 1.2.42   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Arild Røkenes 2017-02-18 19:56:20 UTC 
This seems to be a recurring event in different versions.
It has earlier occurred in 1.2.32 ref https://bz.apache.org/bugzilla/show_bug.cgi?id=51769

Error Message
[2996:3812] [emerg] handle_notify_event::jk_isapi_plugin.c (1903): [/sm/dv/META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration] points to the web-inf or meta-inf directory. Somebody tries to hack into the site!!!

Running on Windows Server 2012 R2 x64 with 64bit isapi filter.
IIS version 8.5.9600.16384

It seems to break the users connection making it impossible for user to reach the site until isapi filter has been reloaded.
Comment 1 Mark Thomas 2018-08-21 10:59:55 UTC 
I can confirm that the false positive is still present however I can't recreate the issue of the user being blocked until the filter is reloaded.
Comment 2 Mark Thomas 2018-08-21 14:40:30 UTC 
This has been fixed in 1.2.x for 1.2.44 onwards.

The check has essentially been removed from the ISAPI code as a) Tomcat performs the check any way and b) ISAPI can't perform the check correctly without knowledge of the current context path which it does not have.