Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: fuse-6.3-R18-GA
Component/s: Karaf
Labels:
None

Blocked:
False
Ready:
False
Estimated Difficulty:
Low
Fuse Progress Bar:

% %
GSS Priority:
Regression Test:
Todo
Market:

SFDC Cases Counter:
SFDC Cases Links:

The pax-web-jetty library disabled HTTP TRACE but incorrectly by throwing back an exception:
javax.servlet.ServletException: HTTP TRACE method is disabled
Therefore, the client side would get:

$ curl -verbose -X TRACE http://localhost:8181/cxf/greeter
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8181 (#0)
> TRACE /cxf/greeter HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.64.1
> Accept: */*
> Referer: rbose
> 
< HTTP/1.1 500 javax.servlet.ServletException: HTTP TRACE method is disabled
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html; charset=ISO-8859-1
< Content-Length: 341
< Connection: close

The "javax.servlet.ServletException" exposes Java platform on server side, which shouldn't happen through HTTP TRACE method.

Correct response should be:

< HTTP/1.1 405 Method Not Allowed

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

patch.txt
1 kB
2021/11/30 1:30 PM

is cloned by

ENTESB-17914 [7.x] The pax-web-jetty library disabled HTTP TRACE method by incorrectly exposing "javax.servlet.ServletException"

Done

Assignee:: Grzegorz Grzybek

Reporter:: Joe Luo

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021/11/30 1:27 PM

Updated:: 2021/12/06 9:40 AM

Resolved:: 2021/12/06 9:40 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates