Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Ugly HTTP 500 code

Description

This is not a real bug, but an ugly issue - is it any way how to hide JSP pages from direct Tomcat execution? They return 500 HTTP code and reveal a lot information (code structure, web server version, ..)

see for example:

http://www.liferay.com/html/portal/status.jsp
http://www.liferay.com/html/portal/test.jsp

according to these responses, the potencial attacker can easily gain the exact version of Tomcat and identify Liferay. I want to hide all this kind of information.

Temporarily I have solved it by custom error pages in Tomcat, but it's also ugly solution.

Pavol

Environment

All versions of Liferay

Activity

Show:

Cynthia Wilburn July 23, 2010 at 9:09 PM

This ticket is being closed as inactive due to the date of the last activity on it and a need for a current affected version. If you believe this was done in error, please create a new issue and confirm that it is reproduceable in the current 6 CE GA release.

In recent months Liferay has received a significant number of anomaly reports many of which are really requests for help. Because of this fact, the real bug reports are no longer easily identifiable. To remedy this problem we need your assistance. We will working towards closing open tickets that meet specific criteria and ask you to create a new issue for those that that are truly bug reports. We'll be monitoring those tickets so that they are properly managed.

Thank you,
The Liferay Team
ICS120109

Inactive

Details

Assignee

Reporter

Affects versions

Priority

Zendesk Support

Created November 2, 2009 at 9:59 AM
Updated June 23, 2023 at 9:07 PM
Resolved July 23, 2010 at 9:09 PM
Loading...