Posted to dev@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2011/08/11 20:14:27 UTC

[jira] [Closed] (AMQ-3345) Possible CSRF attack on 5.5

     [ https://issues.apache.org/jira/browse/AMQ-3345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish closed AMQ-3345.
-----------------------------

    Resolution: Cannot Reproduce

> Possible CSRF attack on 5.5
> ---------------------------
>
>                 Key: AMQ-3345
>                 URL: https://issues.apache.org/jira/browse/AMQ-3345
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.5.0
>         Environment: Ubuntu server LTS 10.04.2
> Linux abertis 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux
> Java HotSpot(TM) 64-Bit Server VM (build 11.0-b15, mixed mode)
>            Reporter: Javier Segura
>              Labels: csrf
>
> When trying to purge the contents of any queue, I receive:
> 2011-06-01 11:28:31,103 | WARN  | /admin/queues.jsp | org.eclipse.jetty.util.log | qtp85031456-16
> javax.el.ELException: java.lang.reflect.UndeclaredThrowableException
>         at org.apache.activemq.web.handler.BindingBeanNameUrlHandlerMapping.getHandlerInternal(BindingBeanNameUrlHandlerMapping.java:58)
>         at org.springframework.web.servlet.handler.AbstractHandlerMapping.getHandler(AbstractHandlerMapping.java:184)
>         at org.springframework.web.servlet.DispatcherServlet.getHandler(DispatcherServlet.java:945)
>         at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:753)
>         at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
>         at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
>         at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:527)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1216)
>         at org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>         at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:83)
>         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>         at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:81)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>         at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
>         at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1187)
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:421)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:493)
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:930)
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:358)
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:866)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>         at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:456)
>         at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
>         at org.eclipse.jetty.server.Server.handle(Server.java:351)
>         at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)
>         at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)
>         at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)
>         at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
>         at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
>         at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>         at java.lang.Thread.run(Thread.java:619)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira