From jira-events at lists.jboss.org Thu Nov 6 15:55:36 2008
From: Farah Juma (JIRA)
To: jboss-jira at lists.jboss.org
Subject: [jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code exposure in jmx-console
Date: Thu, 06 Nov 2008 15:55:36 -0500
Message-ID: <11205213.1226004936699.JavaMail.jira@cloud.prod.atl2.jboss.com>
In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com

    [ https://jira.jboss.org/jira/browse/JBAS-5657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12437365#action_12437365 ]

Farah Juma commented on JBAS-5657:
----------------------------------

I have applied simpleErrorPage.patch (see JBPAPP-529) to AS trunk:

I created a generic error page for the JMX console that gets displayed whenever HTTP Status 500 exceptions occur. The error page does not expose the details of the error.

> JSP source code exposure in jmx-console
> ---------------------------------------
>
>                 Key: JBAS-5657
>                 URL: https://jira.jboss.org/jira/browse/JBAS-5657
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public (Everyone can see)
>          Components: JMX/Web Console
>    Affects Versions: JBossAS-4.2.2.GA
>            Reporter: Clive Saldanha
>            Assignee: Clive Saldanha
>             Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
>
>         Attachments: JBAS-5657.patch
>
>
> The error page of the jmx-console spits out JSP source code.
> http://127.0.0.1:8080/jmx-console/DisplayOpResult
> HTTP Status 500 -
> type Exception report
> message
> description The server encountered an internal error () that prevented it from fulfilling this request.
> exception
> org.apache.jasper.JasperException: An exception occurred processing JSP page /displayOpResult.jsp at line 12
> 9:
> 10:
> 11:
> 12:
> 13:
> 14:

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
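
A regression check for the fix described in the comment above, as an added example that is not part of the original message or the JBoss code base: it scans a 500 response body for the leak markers shown in the report. The function names and both sample bodies are constructed for illustration, and the placeholder source lines stand in for JSP content the report does not show.

```python
import re

# Markers taken from the error output quoted in the JBAS-5657 report.
JASPER_EXCEPTION = "org.apache.jasper.JasperException"
JSP_LOCATION = re.compile(
    r"An exception occurred processing JSP page (\S+) at line (\d+)")
# The report shows the message followed by numbered "N:" source lines.
NUMBERED_LINE = re.compile(r"^[ \t]*(\d+):", re.MULTILINE)

# Constructed sample bodies (not captured from a real server).
LEAKY_BODY = """HTTP Status 500 -
type Exception report
exception
org.apache.jasper.JasperException: An exception occurred processing JSP page /displayOpResult.jsp at line 12
9: <%-- constructed placeholder source line --%>
10: <%-- constructed placeholder source line --%>
11: <%-- constructed placeholder source line --%>
12: <%-- constructed placeholder source line --%>
13: <%-- constructed placeholder source line --%>
14: <%-- constructed placeholder source line --%>
"""
GENERIC_BODY = """<html><body><h1>Error</h1>
<p>An error occurred while processing your request.</p>
</body></html>
"""


def longest_run(numbers):
    """Length of the longest run of consecutive integers, in order."""
    best = current = 0
    previous = None
    for n in numbers:
        current = current + 1 if previous is not None and n == previous + 1 else 1
        best = max(best, current)
        previous = n
    return best


def find_leaks(body):
    """Return the leak markers present in a 500 response body."""
    findings = []
    if JASPER_EXCEPTION in body:
        findings.append("jasper-exception-class")
    match = JSP_LOCATION.search(body)
    if match:
        findings.append(f"jsp-path:{match.group(1)}@{match.group(2)}")
    run = longest_run(int(n) for n in NUMBERED_LINE.findall(body))
    if run >= 3:  # three or more consecutive numbered lines: source listing
        findings.append(f"source-listing:{run}-lines")
    return findings
```

An empty result for the body served on a forced 500 is the pass condition; any finding means the error page still exposes internals.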