Bug 64182 - 1.03s delay on every request via ajp
Summary: 1.03s delay on every request via ajp
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Connectors (show other bugs)
Version: 8.5.51
Hardware: PC All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2020-02-27 09:10 UTC by zac spitzer
Modified: 2020-02-29 07:52 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description zac spitzer 2020-02-27 09:10:21 UTC
Since upgrading to 8.5.51, there seems to be a consistent 1.03s delay on every request.

I'm running via Apache 2.4, which doesn't support secrets until the next release (2.4.42) https://bz.apache.org/bugzilla/show_bug.cgi?id=53098, so I have secretRequired="false" and no secret defined due to https://bz.apache.org/bugzilla/show_bug.cgi?id=64180
Comment 1 zac spitzer 2020-02-27 09:12:40 UTC
This is occurring with Lucee, issue was first reported here https://dev.lucee.org/t/tomcat-cve-2020-1938-ghostcat-ajp/6650/20?u=zac_spitzer
Comment 2 mgrigorov 2020-02-27 09:31:46 UTC
Hi Zac,

Have you tried with plain Tomcat ? Without Lucee.
If the problem is still there could you please share with us your configurations, both Tomcat's and HTTPD's, and the steps to reproduce it.
Comment 3 Mark Thomas 2020-02-27 10:09:12 UTC
Tested with 8.5.51 and 8.5.x and httpd (2.4.34). Normal response times were observed.

Looking at the (minimal) changes to the AJP request processing, I don't see how those changes could lead to more than one second of delay.

If you'd like community help to track down what is going on, the Tomcat users list is the place to ask. A couple of things to that might help:
- The linked report indicates the issue appeared when Tomcat was updated from 8.0.28 to 8.5.51. There are over 4 years between those releases. It would be worth trying to narrow down which version the issue first appears in.
- The Tomcat and httpd access logs should tell you how long they each thought the request took. It would be interesting to see if they agree that the delay was in Tomcat.
- If Tomcat is the source of the delay, a profiler (I use YourKit because they give OSS committers free licenses for using on their OSS projects) may provide some insight
- If you'd like help tracking this down then providing the simplest possible test case that demonstrates the issue makes it much easier for people to help. If you need to include a web application in that test case, keep it as simple as possible and include source code
Comment 4 zac spitzer 2020-02-27 13:20:08 UTC
Ah, I think it might be an ipv4 vs ipv6 resolving issue. 

I had address"=", I changed that to address="::f" and the delay went away
Comment 5 Andreas 2020-02-29 07:52:20 UTC
Just wanted to confirm Zac Spizters findings that adding attribute address="::1" on server.xml host connector tag for AJP solved the delay on Windows Server 2012 R2 (6.3) 64bit Tomcat/8.5.51
|Java|1.8.0_242 (Azul Systems, Inc.) 64bit with IIS using boncode AJP conncetor. The delay isn't present whit this attribute. Originally there wasn't any address attribute set on that config tag.

Until now I couldn't reproduce the issue on my dev machine. Testing different tomcat versions to narrow down the issue on production servers is not an option at this moment.