[jboss-jira] [JBoss JIRA] Commented: (JBAS-5657) JSP source code exposure in jmx-console
Farah Juma (JIRA)
jira-events at lists.jboss.org
Thu Nov 6 15:55:36 EST 2008
[ https://jira.jboss.org/jira/browse/JBAS-5657?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12437365#action_12437365 ]
Farah Juma commented on JBAS-5657:
----------------------------------
I have applied simpleErrorPage.patch (see JBPAPP-529) to AS trunk:
I created a generic error page for the JMX console that gets displayed whenever HTTP Status 500 exceptions occur. The error page does not expose the details of the error.
> JSP source code exposure in jmx-console
> ---------------------------------------
>
> Key: JBAS-5657
> URL: https://jira.jboss.org/jira/browse/JBAS-5657
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JMX/Web Console
> Affects Versions: JBossAS-4.2.2.GA
> Reporter: Clive Saldanha
> Assignee: Clive Saldanha
> Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
>
> Attachments: JBAS-5657.patch
>
>
> The error page of the jmx-console spits out JSP source code.
> http://127.0.0.1:8080/jmx-console/DisplayOpResult
> HTTP Status 500 -
> type Exception report
> message
> description The server encountered an internal error () that prevented it from fulfilling this request.
> exception
> org.apache.jasper.JasperException: An exception occurred processing JSP page /displayOpResult.jsp at line 12
> 9: </head>
> 10: <body>
> 11:
> 12: <jsp:useBean id='opResultInfo' type='org.jboss.jmx.adaptor.control.OpResultInfo' scope='request'/>
> 13:
> 14: <table width="100%">
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list