[jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code exposure in jmx-console
[
https://jira.jboss.org/jira/browse/JBAS-5657?page=com.atlassian.jira.plug...
]
Farah Juma commented on JBAS-5657:
----------------------------------
I have applied simpleErrorPage.patch (see JBPAPP-529) to AS trunk:
I created a generic error page for the JMX console that gets displayed whenever HTTP
Status 500 exceptions occur. The error page does not expose the details of the error.
JSP source code exposure in jmx-console
---------------------------------------
Key: JBAS-5657
URL: https://jira.jboss.org/jira/browse/JBAS-5657
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: JMX/Web Console
Affects Versions: JBossAS-4.2.2.GA
Reporter: Clive Saldanha
Assignee: Clive Saldanha
Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
Attachments: JBAS-5657.patch
The error page of the jmx-console spits out JSP source code.
http://127.0.0.1:8080/jmx-console/DisplayOpResult
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling
this request.
exception
org.apache.jasper.JasperException: An exception occurred processing JSP page
/displayOpResult.jsp at line 12
9: </head>
10: <body>
11:
12: <jsp:useBean id='opResultInfo'
type='org.jboss.jmx.adaptor.control.OpResultInfo' scope='request'/>
13:
14: <table width="100%">
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira