Recently, while I was doing continuous testing in the OSB Console and collecting performance metrics, the server stopped responding. When we started digging in, we saw that the Admin server was down and the server was throwing a "Could not discover URL for server 'AdminServer'" error.
ErrorLog
<Cannot contact the admin server. Therefore constructing the Cluster Authority Current time with the time skew 0
java.rmi.UnknownHostException: Could not discover URL for server 'AdminServer'
    at weblogic.protocol.URLManager.findURL(URLManager.java:145)
    at com.bea.alsb.platform.weblogic.topology.WlsRemoteServerImpl.getInitialContext(WlsRemoteServerImpl.java:94)
    at com.bea.alsb.platform.weblogic.topology.WlsRemoteServerImpl.lookupJNDI(WlsRemoteServerImpl.java:54)
    at com.bea.wli.sb.init.RemoteClusterTimerAuthority.getTimerAuthority(RemoteClusterTimerAuthority.java:59)
    at com.bea.wli.sb.init.RemoteClusterTimerAuthority.getClusterTimerAuthorityCurrentTime(RemoteClusterTimerAuthority.java:33)
    at com.bea.wli.timer.TimeSkewSynchronizer$TimeSkewSynchronizerTask.run(TimeSkewSynchronizer.java:47)
When we did some more research, the cause looked like a CSRF attack.
ErrorLog
A Cross-site request forgery (CSRF) has been detected. Task=com.bea.console.actions.changemgmt.StopEditAction address=10.111.11.10 user=george
Not sure what triggered it, but it was nice to learn more about CSRF from the Oracle blogs and the Wiki.
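The console's CSRF-detection entry above carries the three fields a defender wants to pivot on (Task, address, user). The following is an added example, not code from the post or from Oracle, that pulls those fields out of a log excerpt and counts detections per source so repeated hits stand out; the log text is constructed here, modelled on the entry quoted above, and the second address and user are made up.

```python
import re
from collections import Counter

# Constructed sample log text, modelled on the entry quoted in this post.
# The first entry is deliberately wrapped across lines, as it appeared above.
SAMPLE_LOG = """\
<Info> <Console> <AdminServer> <george> <Edit session started>
A Cross-site request forgery (CSRF) has been detected.
Task=com.bea.console.actions.changemgmt.StopEditAction address=10.111.11.10
user=george
A Cross-site request forgery (CSRF) has been detected. Task=com.bea.console.actions.changemgmt.ActivateAction address=10.111.11.10 user=george
A Cross-site request forgery (CSRF) has been detected. Task=com.bea.console.actions.changemgmt.StopEditAction address=192.0.2.25 user=alice
<Info> <Console> <AdminServer> <alice> <Edit session started>
"""

# \s+ between the fields so an entry that a viewer or copy-paste wrapped
# across lines still matches as one detection.
CSRF_RE = re.compile(
    r"A Cross-site request forgery \(CSRF\) has been detected\.\s*"
    r"Task=(?P<task>\S+)\s+address=(?P<address>\S+)\s+user=(?P<user>\S+)"
)


def parse_csrf_events(log_text):
    """Return one dict (task, address, user) per CSRF-detection entry."""
    return [m.groupdict() for m in CSRF_RE.finditer(log_text)]


def detections_by_source(events):
    """Count detections per (address, user) pair."""
    return Counter((e["address"], e["user"]) for e in events)


def repeated_sources(events, threshold=2):
    """(address, user) pairs that hit the detection at least `threshold` times.

    A single detection is often a stale browser tab or an expired edit
    session; the same address and user tripping it repeatedly is what
    deserves a closer look (what the user had open, and where the
    requests to the console actually came from).
    """
    counts = detections_by_source(events)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    events = parse_csrf_events(SAMPLE_LOG)
    for e in events:
        print(f"{e['address']:>15}  {e['user']:<8}  {e['task']}")
    print("repeated sources:", repeated_sources(events))
```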
Cross-Site Request Forgery (CSRF), also known as Cross-Site Reference Forgery (XSRF) or Session Riding, is a type of malicious exploit in which unauthorized requests are transmitted from a user to a trusted website (the target). CSRF exploits the trust that the targeted site has in a user's browser and generally works by embedding a link or script in a malicious page to access a site to which the user has already been authenticated.