how to hidden or custom the error page (stack trace), thanks
52 views
Skip to first unread message
Momo
Jan 22, 2020, 9:53:23 AM1/22/20
to Jenkins Users
Jenkins was vulnerability detected by web vulnerability scanner
when entering a specific string on the login page, it causes Jenkins to generate error message as follow...
how to disable(hidden) or custom error page to solve this vulnerability (sensitive information)...
i tried
1. use the latest version (Jenkins)
2. edit web.xml (<error-page>)
3. use suppress stack trace plugin
but still show Oops! and stack trace message
Thanks!
Stack trace
org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte Bf in state 0
at org.eclipse.jetty.util.Utf8Appendable.appendByte(Utf8Appendable.java:254)
at org.eclipse.jetty.util.Utf8Appendable.append(Utf8Appendable.java:155)
at org.eclipse.jetty.util.UrlEncoded.decodeUtf8To(UrlEncoded.java:522)
at org.eclipse.jetty.util.UrlEncoded.decodeTo(UrlEncoded.java:577)
at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:568)
at org.eclipse.jetty.server.Request.extractContentParameters(Request.java:519)
at org.eclipse.jetty.server.Request.getParameters(Request.java:430)
Caused: org.eclipse.jetty.http.BadMessageException: 400: Unable to parse form content
at org.eclipse.jetty.server.Request.getParameters(Request.java:434)
at org.eclipse.jetty.server.Request.getParameter(Request.java:1059)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.obtainUsername(AuthenticationProcessingFilter.java:113)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:53)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
.....
org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte Bf in state 0
at org.eclipse.jetty.util.Utf8Appendable.appendByte(Utf8Appendable.java:254)
at org.eclipse.jetty.util.Utf8Appendable.append(Utf8Appendable.java:155)
at org.eclipse.jetty.util.UrlEncoded.decodeUtf8To(UrlEncoded.java:522)
at org.eclipse.jetty.util.UrlEncoded.decodeTo(UrlEncoded.java:577)
at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:568)
at org.eclipse.jetty.server.Request.extractContentParameters(Request.java:519)
at org.eclipse.jetty.server.Request.getParameters(Request.java:430)
Caused: org.eclipse.jetty.http.BadMessageException: 400: Unable to parse form content
at org.eclipse.jetty.server.Request.getParameters(Request.java:434)
at org.eclipse.jetty.server.Request.getParameter(Request.java:1059)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.obtainUsername(AuthenticationProcessingFilter.java:113)
at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:53)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
.....
Adrien Lecharpentier
Jan 22, 2020, 10:05:05 AM1/22/20
to Jenkins Users
If you used the Suppress Stack Trace plugin but you still have the stack traces, maybe you need to fill a bug on the plugin tracker.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/c3aee488-f1be-403c-9f95-96654d2e2fca%40googlegroups.com.
--
Adrien Lecharpentier
Reply all
Reply to author
Forward
0 new messages