If you used the Suppress Stack Trace plugin but you still have the stack traces, maybe you need to fill a bug on the plugin tracker.
Le mer. 22 janv. 2020 à 15:53, Momo <[email protected]> a écrit : > > Jenkins was vulnerability detected by web vulnerability scanner > when entering a specific string on the login page, it causes Jenkins to > generate error message as follow... > how to disable(hidden) or custom error page to solve this vulnerability > (sensitive information)... > > i tried > 1. use the latest version (Jenkins) > 2. edit web.xml (<error-page>) > 3. use suppress stack trace plugin > but still show Oops! and stack trace message > > Thanks! > > Stack trace > org.eclipse.jetty.util.Utf8Appendable$NotUtf8Exception: Not valid UTF8! > byte Bf in state 0 > at > org.eclipse.jetty.util.Utf8Appendable.appendByte(Utf8Appendable.java:254) > at > org.eclipse.jetty.util.Utf8Appendable.append(Utf8Appendable.java:155) > at org.eclipse.jetty.util.UrlEncoded.decodeUtf8To(UrlEncoded.java:522) > at org.eclipse.jetty.util.UrlEncoded.decodeTo(UrlEncoded.java:577) > at > org.eclipse.jetty.server.Request.extractFormParameters(Request.java:568) > at > org.eclipse.jetty.server.Request.extractContentParameters(Request.java:519) > at org.eclipse.jetty.server.Request.getParameters(Request.java:430) > Caused: org.eclipse.jetty.http.BadMessageException: 400: Unable to parse > form content > at org.eclipse.jetty.server.Request.getParameters(Request.java:434) > at org.eclipse.jetty.server.Request.getParameter(Request.java:1059) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.obtainUsername(AuthenticationProcessingFilter.java:113) > at > org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:53) > at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252) > at > hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) > at > jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) > ..... > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/c3aee488-f1be-403c-9f95-96654d2e2fca%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/c3aee488-f1be-403c-9f95-96654d2e2fca%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Adrien Lecharpentier -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAKwJSvyDWXa4hUPQF9r-Tzr8h%3DmpjLjO-pMbjY8LB33vyThWEw%40mail.gmail.com.
