Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-19888

Brute Force Attack - GET request to liveDate/sources/liveTable is executing create index statement

    XMLWordPrintable

Details

    • High
    • Unknown

    Description

      On Fr. 2022-06-24 a brute force attack has been performed on our XWiki 13.10.6 instance.
      Inbetween 16:33 (CEST) and 17:56 (CEST) 184000+ requests have been reported to logs - xwiki.log is ~ 3GB.

      Plenty of GET requests to /wiki/rest/liveData/sources/liveTable/entries result in XWiki executing DDL create index statements in the PostgreSQL database.

      access.log
      not sure if this could be the right requests, no matching requests at the time of server output. Could it be that these requests took that long?

      141.113.97.253 "88.99.125.2" - - 2022-06-24T16:58:02+0200 GET "www.faplis.de/wiki/rest/liveData/sources/liveTable/entries?namespace=wiki:xwiki%0abcc:076935.5697-23375.5697.012b9.19167.2@bxss.me&sourceParams.%24doc=xwiki:Main.WebHome&sourceParams.childrenOf=Main&sourceParams.queryFilters=unique%2Chidden&sourceParams.template=getdocuments.vm&sourceParams.translationPrefix=platform.index.&timestamp=1656082142300" 502 341 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36  CIVAI" 756 544
...
141.113.97.254 "88.99.125.2" - - 2022-06-24T16:58:28+0200 GET "www.faplis.de/wiki/rest/liveData/sources/liveTable/entries?namespace=wiki:xwiki&sourceParams.$doc=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.WebHome&sourceParams.childrenOf=Main&sourceParams.queryFilters=unique%2Chidden&sourceParams.template=getdocuments.vm&sourceParams.translationPrefix=platform.index.&timestamp=1656082145542" 502 341 "https://www.faplis.de/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36  CIVAI" 799 544
141.113.97.250 "88.99.125.2" - - 2022-06-24T16:58:32+0200 GET "www.faplis.de/wiki/rest/liveData/sources/liveTable/entries?namespace=wiki:xwiki%0abcc:076935.5697-23375.5697.012b9.19167.2@bxss.me&sourceParams.%24doc=xwiki:Main.WebHome&sourceParams.childrenOf=Main&sourceParams.queryFilters=unique%2Chidden&sourceParams.template=getdocuments.vm&sourceParams.translationPrefix=platform.index.&timestamp=1656082142300" 502 341 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36  CIVAI" 756 544

      System out/err:

      Jun 24 17:56:02 sedcafap0150 sh[17010]: 2022-06-24 17:56:02,181 [http-nio-8080-exec-53 - http://www.faplis.de/wiki/rest/liveData/sources/liveTable/entries?namespace=wiki:xwiki%0abcc:076935.5697-23375.5697.012b9.19167.2@bxss.me&sourceParams.%24doc=xwiki:Main.WebHome&sourceParams.childrenOf=Main&sourceParams.queryFilters=unique%2Chidden&sourceParams.template=getdocuments.vm&sourceParams.translationPrefix=platform.index.&timestamp=1656082142300] ERROR c.x.x.i.s.h.HibernateStore     - Error executing DDL "create index XWVS_UNIQUE_ID on xwiki
Jun 24 17:56:02 sedcafap0150 sh[17010]: bcc:076935.5697_23375.5697.012b9.19167.2@bxss.me.xwikistatsvisit (XWV_UNIQUE_ID)" via JDBC Statement
Jun 24 17:56:02 sedcafap0150 sh[17010]: org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL "create index XWVS_UNIQUE_ID on xwiki
Jun 24 17:56:02 sedcafap0150 sh[17010]: bcc:076935.5697_23375.5697.012b9.19167.2@bxss.me.xwikistatsvisit (XWV_UNIQUE_ID)" via JDBC Statement
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:67)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlString(AbstractSchemaMigrator.java:563)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlStrings(AbstractSchemaMigrator.java:508)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applyIndexes(AbstractSchemaMigrator.java:332)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.GroupedSchemaMigratorImpl.performTablesMigration(GroupedSchemaMigratorImpl.java:84)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.performMigration(AbstractSchemaMigrator.java:208)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.doMigration(AbstractSchemaMigrator.java:115)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:94)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:63)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:1125)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:992)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:1159)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.XWikiHibernateBaseStore.updateSchema(XWikiHibernateBaseStore.java:264)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.hibernateShemaUpdate(HibernateDataMigrationManager.java:208)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.updateSchema(HibernateDataMigrationManager.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.initializeEmptyDB(HibernateDataMigrationManager.java:158)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.initNewDB(AbstractDataMigrationManager.java:446)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.initializeCurrentDatabase(AbstractDataMigrationManager.java:551)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.checkDatabase(AbstractDataMigrationManager.java:534)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.setWiki(HibernateStore.java:703)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.setWiki(HibernateStore.java:662)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.store.hibernate.HibernateStore.beginTransaction(HibernateStore.java:853)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.XWikiHibernateBaseStore.beginTransaction(XWikiHibernateBaseStore.java:576)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.XWikiHibernateStore.loadXWikiDoc(XWikiHibernateStore.java:1022)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.store.XWikiCacheStore.loadXWikiDoc(XWikiCacheStore.java:394)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getDocument(XWiki.java:2212)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.configuration.internal.AbstractXWikiPreferencesConfigurationSource.getBaseObject(AbstractXWikiPreferencesConfigurationSource.java:86)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.configuration.internal.AbstractXWikiPreferencesConfigurationSource.getBaseProperty(AbstractXWikiPreferencesConfigurationSource.java:139)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.configuration.internal.AbstractXWikiPreferencesConfigurationSource.getBaseProperty(AbstractXWikiPreferencesConfigurationSource.java:156)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.configuration.internal.AbstractDocumentConfigurationSource.getPropertyValue(AbstractDocumentConfigurationSource.java:348)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.configuration.internal.AbstractDocumentConfigurationSource.getProperty(AbstractDocumentConfigurationSource.java:313)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getXWikiPreference(XWiki.java:2868)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getXWikiPreference(XWiki.java:2907)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getXWikiPreference(XWiki.java:2851)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getAvailableLocales(XWiki.java:3258)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getLocalePreference(XWiki.java:3087)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.XWiki.getLanguagePreference(XWiki.java:3186)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.internal.localization.XWikiLocalizationContext.getCurrentLocale(XWikiLocalizationContext.java:60)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.localization.internal.DefaultContextualLocalizationManager.getTranslationPlain(DefaultContextualLocalizationManager.java:62)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.livetable.DefaultLiveDataConfigurationResolver.translateProperty(DefaultLiveDataConfigurationResolver.java:241)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.livetable.DefaultLiveDataConfigurationResolver.translate(DefaultLiveDataConfigurationResolver.java:216)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.livetable.DefaultLiveDataConfigurationResolver.resolve(DefaultLiveDataConfigurationResolver.java:103)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.livetable.DefaultLiveDataConfigurationResolver.resolve(DefaultLiveDataConfigurationResolver.java:58)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.DefaultLiveDataConfigurationResolver.mergeSourceConfig(DefaultLiveDataConfigurationResolver.java:90)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.DefaultLiveDataConfigurationResolver.resolve(DefaultLiveDataConfigurationResolver.java:73)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.DefaultLiveDataConfigurationResolver.resolve(DefaultLiveDataConfigurationResolver.java:53)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.rest.DefaultLiveDataEntriesResource.getConfig(DefaultLiveDataEntriesResource.java:121)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.rest.DefaultLiveDataEntriesResource.initConfig(DefaultLiveDataEntriesResource.java:183)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.livedata.internal.rest.DefaultLiveDataEntriesResource.getEntries(DefaultLiveDataEntriesResource.java:78)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at jdk.internal.reflect.GeneratedMethodAccessor1609.invoke(Unknown Source)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at java.base/java.lang.reflect.Method.invoke(Unknown Source)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.ext.jaxrs.internal.wrappers.AbstractMethodWrapper.internalInvoke(AbstractMethodWrapper.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.ext.jaxrs.internal.wrappers.ResourceMethod.invoke(ResourceMethod.java:281)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.ext.jaxrs.JaxRsRestlet.invokeMethod(JaxRsRestlet.java:997)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.ext.jaxrs.JaxRsRestlet.handle(JaxRsRestlet.java:746)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.doHandle(Router.java:422)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.handle(Router.java:641)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:140)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:77)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.Application.handle(Application.java:385)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.doHandle(Router.java:422)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.handle(Router.java:641)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.doHandle(Router.java:422)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Router.handle(Router.java:641)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.doHandle(Filter.java:150)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.routing.Filter.handle(Filter.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.Component.handle(Component.java:408)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.Server.handle(Server.java:507)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.connector.ServerHelper.handle(ServerHelper.java:63)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.engine.adapter.HttpServerHelper.handle(HttpServerHelper.java:143)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:1117)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at com.xpn.xwiki.web.XWikiContextInitializationFilter.doFilter(XWikiContextInitializationFilter.java:82)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at java.base/java.lang.Thread.run(Unknown Source)
Jun 24 17:56:02 sedcafap0150 sh[17010]: Caused by: org.postgresql.util.PSQLException: ERROR: syntax error at or near "bcc"
Jun 24 17:56:02 sedcafap0150 sh[17010]:   Position: 38
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2553)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2285)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:323)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:473)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:393)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:322)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.executeCachedSql(PgStatement.java:308)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:284)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:279)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.commons.dbcp2.DelegatingStatement.execute(DelegatingStatement.java:193)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.apache.commons.dbcp2.DelegatingStatement.execute(DelegatingStatement.java:193)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:54)
Jun 24 17:56:02 sedcafap0150 sh[17010]:         ... 130 common frames omitted

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19886 Brute Force Attack - XWikiLogin is executing create table statements on PostgreSQL

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              bbartke Bernd Bartke
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: