commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron (JIRA)" <>
Subject [jira] [Created] (BEANUTILS-510) Able to cause error 500 on any application running BeanUtils
Date Wed, 11 Jul 2018 18:50:00 GMT
Aaron created BEANUTILS-510:

             Summary: Able to cause error 500 on any application running BeanUtils
                 Key: BEANUTILS-510
             Project: Commons BeanUtils
          Issue Type: Bug
    Affects Versions: 1.9.3
         Environment: *
            Reporter: Aaron

By adding the characters ;?[ to the end of a URL (before URL parameters, if there are any)
on an application running BeanUtils, you are able to cause an HTTP error 500 on the application.
Here is the stack trace:


{{java.lang.IllegalArgumentException: Missing End Delimiter}}
{{    at org.apache.commons.beanutils.expression.DefaultResolver.getIndex(}}
{{    at org.apache.commons.beanutils.BeanUtilsBean.setProperty(}}
{{    at org.apache.commons.beanutils.BeanUtilsBean.populate(}}
{{    at org.apache.commons.beanutils.BeanUtils.populate(}}
{{    at org.apache.struts.util.RequestUtils.populate(}}
{{    at org.apache.struts.action.RequestProcessor.processPopulate(}}
{{    at org.apache.struts.action.RequestProcessor.process(}}
{{    at org.apache.struts.action.ActionServlet.process(}}
{{    at org.apache.struts.action.ActionServlet.doGet(}}
{{    at javax.servlet.http.HttpServlet.service(}}
{{    at javax.servlet.http.HttpServlet.service(}}

This message was sent by Atlassian JIRA

View raw message