[Bug 60925] New: Running with SecurityManager - Property 'serverInfo' not found on type org.apache.catalina.core.ApplicationContextFacade

Mon, 27 Mar 2017 16:02:01 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=60925

            Bug ID: 60925
           Summary: Running with SecurityManager - Property 'serverInfo'
                    not found on type
                    org.apache.catalina.core.ApplicationContextFacade
           Product: Tomcat 8
           Version: 8.5.12
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: EL
          Assignee: dev@tomcat.apache.org
          Reporter: knst.koli...@gmail.com
  Target Milestone: ----

Created attachment 34884
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34884&action=edit
localhost.2017-03-28.log

Noted when smoke-testing 8.5.13 RC, but this is reproducible with released
8.5.12 as well, so it is not a regression.

Steps to reproduce:
1. Start Tomcat 8.5 with security manager enabled
catalina.bat start -security

2. Access the root page,
http://localhost:8080/

It fails with error 500.
Stacktrace from 8.5.13:

javax.el.PropertyNotFoundException: Property 'serverInfo' not found on type
org.apache.catalina.core.ApplicationContextFacade
 at javax.el.BeanELResolver$BeanProperties.get(BeanELResolver.java:259)
 at javax.el.BeanELResolver$BeanProperties.access$300(BeanELResolver.java:212)
 at javax.el.BeanELResolver.property(BeanELResolver.java:346)
 at javax.el.BeanELResolver.getValue(BeanELResolver.java:92)
 at org.apache.jasper.el.JasperELResolver.getValue(JasperELResolver.java:110)
 at org.apache.el.parser.AstValue.getValue(AstValue.java:169)
 at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:184)
 at
org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(PageContextImpl.java:944)
 at org.apache.jsp.index_jsp._jspService(index_jsp.java:155)

See attached file with full stacktrace.


Notes:
1. This does not happen when running without SecurityManager.
2. This does not depends on version of java (occurs both with 7u80 and 8u121).


I have seen similar errors when we were fixing CVE-2014-7810
(see thread from 2014-11-17), but it should have been fixed by r1644017
that improved javax.el.BeanELResolver.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to