A vulnerability in Jenkins was detected by a web vulnerability scanner.
When a specific string is entered on the login page, it causes Jenkins to
generate an error message as follows...
How can I disable (hide) or customize the error page to solve this vulnerability
(sensitive information)?

I tried:
1. using the latest version (Jenkins)
2. editing web.xml (<error-page>)
3. using the suppress stack trace plugin
but it still shows Oops! and the stack trace message.

Thanks!

Stack trace
org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! byte Bf in state 0
    at org.eclipse.jetty.util.Utf8Appendable.appendByte(Utf8Appendable.java:254)
    at org.eclipse.jetty.util.Utf8Appendable.append(Utf8Appendable.java:155)
    at org.eclipse.jetty.util.UrlEncoded.decodeUtf8To(UrlEncoded.java:522)
    at org.eclipse.jetty.util.UrlEncoded.decodeTo(UrlEncoded.java:577)
    at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:568)
    at org.eclipse.jetty.server.Request.extractContentParameters(Request.java:519)
    at org.eclipse.jetty.server.Request.getParameters(Request.java:430)
Caused: org.eclipse.jetty.http.BadMessageException: 400: Unable to parse form content
    at org.eclipse.jetty.server.Request.getParameters(Request.java:434)
    at org.eclipse.jetty.server.Request.getParameter(Request.java:1059)
    at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.obtainUsername(AuthenticationProcessingFilter.java:113)
    at org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:53)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
.....
