Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: fuse-7.11-GA
Affects Version/s: fuse-7.9-GA
Component/s: Karaf
Labels:
None

Blocked:
False
Ready:
False
Estimated Difficulty:
Low
Fuse Progress Bar:

% %
Regression Test:
Todo
Target Release:

fuse-7.11-GA
Git Pull Request:
https://github.com/jboss-fuse/karaf/pull/532

SFDC Cases Counter:
SFDC Cases Links:

Description

The pax-web-jetty library disabled HTTP TRACE but incorrectly by throwing back an exception:
javax.servlet.ServletException: HTTP TRACE method is disabled
Therefore, the client side would get:

$ curl -verbose -X TRACE http://localhost:8181/cxf/greeter
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8181 (#0)
> TRACE /cxf/greeter HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.64.1
> Accept: */*
> Referer: rbose
> 
< HTTP/1.1 500 javax.servlet.ServletException: HTTP TRACE method is disabled
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html; charset=ISO-8859-1
< Content-Length: 341
< Connection: close

The "javax.servlet.ServletException" exposes Java platform on server side, which shouldn't happen through HTTP TRACE method.

Correct response should be:

< HTTP/1.1 405 Method Not Allowed

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

patch.txt
1 kB
2021/12/02 9:02 AM

Issue Links

clones

ENTESB-17903 [6.3] The pax-web-jetty library disabled HTTP TRACE method by incorrectly exposing "javax.servlet.ServletException"

Closed

links to

org.ops4j.pax.web/issues/1667 – [7.4] Unify handling of TRACE + OPTIONS methods across runtimes

Activity

People

Assignee:: Grzegorz Grzybek

Reporter:: Joe Luo

Tester:: Federico Mariani

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/12/02 9:02 AM

Updated:: 2022/04/13 8:27 AM

Resolved:: 2022/04/13 8:27 AM