From jira-events at lists.jboss.org Mon Jun 23 12:06:39 2008 Content-Type: multipart/mixed; boundary="===============9155501910575110640==" MIME-Version: 1.0 From: Clive Saldanha (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Created: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 12:06:38 -0400 Message-ID: <24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com> --===============9155501910575110640== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable JSP source code exposure in jmx-console --------------------------------------- Key: JBAS-5657 URL: http://jira.jboss.com/jira/browse/JBAS-5657 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: JMX/Web Console Affects Versions: JBossAS-4.2.2.GA Reporter: Clive Saldanha Assigned To: Darran Lofthouse Fix For: JBossAS-4.2.3.GA The error page of the jmx-console spits out JSP source code. = http://127.0.0.1:8080/jmx-console/DisplayOpResult HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it f= rom fulfilling this request. exception org.apache.jasper.JasperException: An exception occurred processing JSP pag= e /displayOpResult.jsp at line 12 9: 10: 11: 12: 13: 14: -- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============9155501910575110640==-- From jira-events at lists.jboss.org Mon Jun 23 12:08:29 2008 Content-Type: multipart/mixed; boundary="===============8410334169137462491==" MIME-Version: 1.0 From: Clive Saldanha (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Updated: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 12:08:28 -0400 Message-ID: <13849923.1214237308826.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============8410334169137462491== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dall ] Clive Saldanha updated JBAS-5657: --------------------------------- Attachment: JBAS-5657.patch Fix for this issue. > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Darran Lofthouse > Fix For: JBossAS-4.2.3.GA > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============8410334169137462491==-- From jira-events at lists.jboss.org Mon Jun 23 12:10:29 2008 Content-Type: multipart/mixed; boundary="===============8552778876123327693==" MIME-Version: 1.0 From: Clive Saldanha (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 12:10:28 -0400 Message-ID: <31145945.1214237428896.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============8552778876123327693== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dcomments#action_12= 418527 ] = = Clive Saldanha commented on JBAS-5657: -------------------------------------- >From jsp docs: The element locates or instantiates a JavaBeans component. first attempts to locate an instance of the Bean. If the Bean d= oes not exist, instantiates it from a class or serialized tem= plate. In the patch I check whether it's using an existing Bean from the request s= cope or if it has instantiated a new one. If the one from the request scope= is null I redirect the page to the displayMbeans page. > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Darran Lofthouse > Fix For: JBossAS-4.2.3.GA > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============8552778876123327693==-- From jira-events at lists.jboss.org Mon Jun 23 12:36:29 2008 Content-Type: multipart/mixed; boundary="===============0889504353309043151==" MIME-Version: 1.0 From: Dimitris Andreadis (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Updated: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 12:36:28 -0400 Message-ID: <31058585.1214238988914.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============0889504353309043151== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dall ] Dimitris Andreadis updated JBAS-5657: ------------------------------------- Fix Version/s: JBossAS-5.0.0.CR1 Looks good; put it in AS trunk, too, thanks. > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Darran Lofthouse > Fix For: JBossAS-4.2.3.GA, JBossAS-5.0.0.CR1 > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============0889504353309043151==-- From jira-events at lists.jboss.org Mon Jun 23 12:36:29 2008 Content-Type: multipart/mixed; boundary="===============8851792752837899751==" MIME-Version: 1.0 From: Dimitris Andreadis (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Assigned: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 12:36:29 -0400 Message-ID: <22470833.1214238989730.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============8851792752837899751== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dall ] Dimitris Andreadis reassigned JBAS-5657: ---------------------------------------- Assignee: Clive Saldanha (was: Darran Lofthouse) > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Clive Saldanha > Fix For: JBossAS-4.2.3.GA, JBossAS-5.0.0.CR1 > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============8851792752837899751==-- From jira-events at lists.jboss.org Mon Jun 23 14:43:35 2008 Content-Type: multipart/mixed; boundary="===============6868736639274948461==" MIME-Version: 1.0 From: Clive Saldanha (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Resolved: (JBAS-5657) JSP source code exposure in jmx-console Date: Mon, 23 Jun 2008 14:43:34 -0400 Message-ID: <12575118.1214246614938.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============6868736639274948461== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dall ] Clive Saldanha resolved JBAS-5657. ---------------------------------- Resolution: Done Applied patches to Branch_4_2 and trunk > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Clive Saldanha > Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============6868736639274948461==-- From jira-events at lists.jboss.org Tue Jun 24 04:56:29 2008 Content-Type: multipart/mixed; boundary="===============1510363183080718655==" MIME-Version: 1.0 From: Dimitris Andreadis (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Closed: (JBAS-5657) JSP source code exposure in jmx-console Date: Tue, 24 Jun 2008 04:56:28 -0400 Message-ID: <5399113.1214297788975.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============1510363183080718655== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ http://jira.jboss.com/jira/browse/JBAS-5657?page=3Dall ] Dimitris Andreadis closed JBAS-5657. ------------------------------------ > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: http://jira.jboss.com/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assigned To: Clive Saldanha > Fix For: JBossAS-4.2.3.GA, JBossAS-5.0.0.CR1 > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= p://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============1510363183080718655==-- From jira-events at lists.jboss.org Thu Nov 6 15:55:36 2008 Content-Type: multipart/mixed; boundary="===============7564049268416791521==" MIME-Version: 1.0 From: Farah Juma (JIRA) To: jboss-jira at lists.jboss.org Subject: [jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code exposure in jmx-console Date: Thu, 06 Nov 2008 15:55:36 -0500 Message-ID: <11205213.1226004936699.JavaMail.jira@cloud.prod.atl2.jboss.com> In-Reply-To: 24038701.1214237198914.JavaMail.jira@cloud.prod.atl2.jboss.com --===============7564049268416791521== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ https://jira.jboss.org/jira/browse/JBAS-5657?page=3Dcom.atlassian.jir= a.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D12437365= #action_12437365 ] = Farah Juma commented on JBAS-5657: ---------------------------------- I have applied simpleErrorPage.patch (see JBPAPP-529) to AS trunk: I created a generic error page for the JMX console that gets displayed when= ever HTTP Status 500 exceptions occur. The error page does not expose the d= etails of the error. > JSP source code exposure in jmx-console > --------------------------------------- > > Key: JBAS-5657 > URL: https://jira.jboss.org/jira/browse/JBAS-5657 > Project: JBoss Application Server > Issue Type: Bug > Security Level: Public(Everyone can see) = > Components: JMX/Web Console > Affects Versions: JBossAS-4.2.2.GA > Reporter: Clive Saldanha > Assignee: Clive Saldanha > Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA > > Attachments: JBAS-5657.patch > > > The error page of the jmx-console spits out JSP source code. = > http://127.0.0.1:8080/jmx-console/DisplayOpResult > HTTP Status 500 - > type Exception report > message > description The server encountered an internal error () that prevented it= from fulfilling this request. > exception > org.apache.jasper.JasperException: An exception occurred processing JSP p= age /displayOpResult.jsp at line 12 > 9: > 10: > 11: > 12: > 13: > 14:

-- = This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: htt= ps://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira =20 --===============7564049268416791521==--