Internal Server Error with Untertow UT005023

Communities CommandBox CLI
1

My Lucee installation that has been working flawlessly for months all of a sudden this week started showing “Internal Server Error” (HTTP status code 500) on EVERY cfm page on the site. I can successfully browse the site on the server using 127.0.0.1:8080, but something happened that appear to have broken the connection between Lucee/Undertow/Apache.

This started happening after the server restarted overnight this week. I’m thinking it has to do with some update that got installed, but I can’t pinpoint that yet. Potentially a recent commandbox update [commandbox:amd64 (5.9.1-1, 6.0.0-1)]??

Anyone have ideas on what might be causing this and/or a resolution?

This error shows in the logs/server.out.txt in the web-contexts folder structure:

[ERROR] io.undertow.request: UT005023: Exception handling request to /testpath/index.cfm
java.lang.NullPointerException: null
        at runwar.undertow.SSLCertHeaderHandler.handleRequest(SSLCertHeaderHandler.java:97) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:175) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.HttpContinueReadHandler.handleRequest(HttpContinueReadHandler.java:69) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [runwar-5.0.0.jar:5.0.0]
        at runwar.undertow.WelcomeFileHandler.handleRequest(WelcomeFileHandler.java:39) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:104) [runwar-5.0.0.jar:5.0.0]
        at runwar.undertow.SiteDeployment$1.handleRequest(SiteDeployment.java:162) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:141) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.DisallowedMethodsHandler.handleRequest(DisallowedMethodsHandler.java:62) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.predicate.PredicatesHandler.handleRequest(PredicatesHandler.java:113) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.handlers.encoding.EncodingHandler.handleRequest(EncodingHandler.java:72) [runwar-5.0.0.jar:5.0.0]
        at runwar.undertow.LifecyleHandler.handleRequest(LifecyleHandler.java:143) [runwar-5.0.0.jar:5.0.0]
        at runwar.undertow.SiteDeployment$4.handleRequest(SiteDeployment.java:345) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393) [runwar-5.0.0.jar:5.0.0]
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852) [runwar-5.0.0.jar:5.0.0]
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [runwar-5.0.0.jar:5.0.0]
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [runwar-5.0.0.jar:5.0.0]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [runwar-5.0.0.jar:5.0.0]
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [runwar-5.0.0.jar:5.0.0]
        at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282) [runwar-5.0.0.jar:5.0.0]
        at java.base/java.lang.Thread.run(Thread.java:829) [?:?]

Don’t forget to tell us about your stack!

OS: Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-173-generic x86_64)
Java Version: Java Version: 11.0.22+7-post-Ubuntu-0ubuntu220.04.1 (Ubuntu)
Lucee Version: 5.4.4+38
CommandBox Version: v6.0.0+00787
Runwar Version: 5.0.0

2

Interesting, that line of code is

            if( ssl.getSSLSession().getLocalCertificates() != null ) {

The ssl variable is checked to make sure it’s not null above and the getLocalCertitifcations() is being checked here, so the getSSLSession() method must be returning null. I’m not sure in what scenario there would be an SSLSessionInfo object, but SSL session. CommandBox 6 did have a patch upgrade to Undertow so it’s possible they changed a behavior there.

Is your browser using HTTPS to access the page? I can add an additional null check for that intermediate method call and add it to the snapshot builds of Runwar.

3

I’m definitely using https in the browser.

Should I try to rollback commandbox and undertow? I’m not sure that’s possible?

4

Can you try replacing the runwar jar file in the CommandBox home’s lib folder with this one?

https://s3.amazonaws.com/downloads.ortussolutions.com/cfmlprojects/runwar/5.0.3-SNAPSHOT/runwar-5.0.3-SNAPSHOT.jar

1 Like
5

That fixed it! Hurray!

6

Great! I’ll roll that out soon in a CommandBix 6.0.1 fix soon.