
Form error after security hotfix apsb12-15

Community Beginner, Jul 05, 2012

I tried posting this in the general CF area two weeks ago with no reply, so I thought I'd try here.

I applied the hotfix last week and everything seemed to be working, thought all was well.

It turns out that forms that used to work without a hitch suddenly generated error 500 with no clue as to the real issue.

These forms are simple fill it in, create a pdf file, display the file.  Nothing too creative.  With no error message, and nothing to tell me what is going on with this, I was forced to unload hf901-00005.jar and go back to hf901-00003.jar

It is all working again, but I'd really like to have the security patch AND have my forms work.

Any clues??

Correct answer
Engaged, Jul 05, 2012

sduncanute wrote:


forms that used to work without a hitch suddenly generated error 500 with no clue as to the real issue.

These forms are simple fill it in, create a pdf file, display the file.  Nothing too creative.  With no error message, and nothing to tell me what is going on with this, I was forced to unload hf901-00005.jar and go back to hf901-00003.jar

It is all working again, but I'd really like to have the security patch AND have my forms work.

Hi sduncanute,

Yes (I experienced the same exact issue when populating PDF forms after upgrading to CF10), and there are actually 2 issues here (but the issues are not PDF-related).  In short, there is a solution.  I'll explain:

First issue: Tomcat errors are not written to start.log or exception.log.  This is why you aren't seeing any logged error.  This is Bug #3126106 and is marked Fixed in CF10 (I haven't verified this, but need to.  This here is a note-to-self. =P).  However, I'm unsure if this is fixed in CF 9.0.2.

Second issue: As apsb12-15 states:

-----------

  1. This hot fix has a new setting in ColdFusion, Post Parameter Limit. This setting limits the number of parameters in a post request. The default value is 100. If a post request contains more parameters as specified, the server doesn't process the request and throws an exception. This process protects against DoS attack using Hash Collision. This setting is different from Post Size Limit (ColdFusion Administrator > Settings > Maximum size of post data). This setting isn't exposed in the ColdFusion Administrator console. But you can easily change this limit in the neo-runtime.xml file. See point 5 below.
  2. Customers who want to change postParameterLimit, go to {ColdFusion-Home}/lib for Server Installation or {ColdFusion-Home}/WEB-INF/cfusion/lib for Multiserver or J2EE installation. Open file neo-runtime.xml, after line

"<var name='postSizeLimit'><number>100.0</number></var>"

Add the line below and you can change 100 with the desired number.

"<var name='postParametersLimit'><number>100.0</number></var>"

-----------

Basically, the Tomcat error (which you're not seeing) is being thrown b/c the form is attempting to post more than 100 fields.  So, just do as it says above: Add that bolded line and replace 100.0 w/ a number high enough to cover the number of fields in your form.

I'll note that CF10 permits this setting to be adjusted via the CF Admin's Settings page via the "Maximum number of POST request parameters" setting.

Thanks,

-Aaron
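
An added example, not part of the original thread and not Adobe's code: a small helper that counts the parameters in a captured form POST and adds or updates the `postParametersLimit` entry in the text of neo-runtime.xml. It assumes the entries appear in the form quoted from the bulletin above and that each name=value pair counts as one parameter; the function names and the sample fragment are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Entry forms quoted in the thread from APSB12-15 (either quote style accepted).
SIZE_VAR = re.compile(r"""<var name=['"]postSizeLimit['"]><number>[\d.]+</number></var>""")
PARAM_VAR = re.compile(r"""<var name=['"]postParametersLimit['"]><number>([\d.]+)</number></var>""")
DEFAULT_LIMIT = 100  # default stated in the bulletin

# Constructed fragment, not a real neo-runtime.xml; 'otherSetting' is a placeholder.
SAMPLE = ("<struct><var name='postSizeLimit'><number>100.0</number></var>"
          "<var name='otherSetting'><number>1.0</number></var></struct>")

def count_post_parameters(body):
    """Count name=value pairs in a urlencoded POST body (assumed to be what is limited)."""
    return len(parse_qsl(body, keep_blank_values=True))

def current_limit(xml_text):
    """Return the configured limit, or the bulletin's default when the entry is absent."""
    m = PARAM_VAR.search(xml_text)
    return int(float(m.group(1))) if m else DEFAULT_LIMIT

def set_post_parameters_limit(xml_text, limit):
    """Update the entry, or add it right after postSizeLimit as the bulletin instructs."""
    if limit < 1:
        raise ValueError("limit must be a positive integer")
    entry = f"<var name='postParametersLimit'><number>{float(limit)}</number></var>"
    if PARAM_VAR.search(xml_text):
        return PARAM_VAR.sub(lambda _m: entry, xml_text, count=1)
    m = SIZE_VAR.search(xml_text)
    if m is None:
        raise ValueError("postSizeLimit entry not found; edit the file by hand")
    return xml_text[:m.end()] + entry + xml_text[m.end():]

def limit_for(bodies, headroom=10):
    """Smallest limit covering the largest captured form, plus a little headroom."""
    return max(count_post_parameters(b) for b in bodies) + headroom

if __name__ == "__main__":
    big_form = "&".join(f"field{i}=x" for i in range(120))  # constructed 120-field POST
    print("fields:", count_post_parameters(big_form), "limit:", current_limit(SAMPLE))
    print(set_post_parameters_limit(SAMPLE, limit_for([big_form])))
```

Size the value from the largest legitimate form rather than picking an arbitrarily high number, since this limit is the hash-collision DoS protection the bulletin describes.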

Community Beginner, Jul 05, 2012

This sounds like the answer I needed.  I'll have to wait until the next server update window, but I'll give this a go.  I don't think they've fixed the Tomcat error in 9.0.2 

Thanks!

Sue

Engaged, Jul 05, 2012

sduncanute wrote:

This sounds like the answer I needed.  I'll have to wait until the next server update window, but I'll give this a go.  I don't think they've fixed the Tomcat error in 9.0.2 

Hi Sue,

You're welcome and please do let us know later if that setting resolves the issue.

Thanks!,

-Aaron

Community Beginner, Jan 16, 2013

Just a quick update, I know it's been ages, but just in case someone else was following the thread, it worked.

Sue

Engaged, Jan 29, 2013

Hi Sue,

Glad it worked, and thank you very much for confirming!

Thanks,

-Aaron

New Here, Feb 03, 2013

ColdFusion Security Hotfix APSB13-03 on ColdFusion 9

http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html

FYI, this hotfix seems to have the same problem & fix (altering neo-runtime.xml as above - thank you Aaron!)

Notes:

After applying the hotfix, users were getting intermittent "The service is unavailable" and "503: Service unavailable" errors.

Error also happened on pages with few or no Form Fields & at various times throughout the day. Unable to find anything in various logs.

Eventually found we could at least replicate the error with a POST request  with >100 fields (A).

Then noticed that a subsequent page request (within a short timeframe) returned an error, but reloading page B worked.
So I guess requests like A were also causing the problems for other page requests at around the same time?!

kj

New Here, May 23, 2013

kj,

Thanks for posting up the comment about intermittent server issues. I just applied the hotfix for APSB13-13 (http://www.adobe.com/support/security/bulletins/apsb13-13.html) and was running into the same issues. Modifying the neo-runtime.xml, as per Aaron's post, did the trick.

-kash
