Download
Getting Started
Members
Projects
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
More
Community
Marketplace
Events
Planet Eclipse
Newsletter
Videos
Participate
Report a Bug
Forums
Mailing Lists
Wiki
IRC
How to Contribute
Working Groups
Automotive
Internet of Things
LocationTech
Long-Term Support
PolarSys
Science
OpenMDM
Toggle navigation
Bugzilla – Attachment 279253 Details for
Bug 546816
Reflected XSS vulnerability in the __format URL parameter
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
Terms of Use
|
Copyright Agent
log
log_546816.txt (text/plain), 13.37 KB, created by
Galina Derenshteyn
on 2019-07-11 15:09:21 EDT
(
hide
)
Description:
log
Filename:
MIME Type:
Creator:
Galina Derenshteyn
Created:
2019-07-11 15:09:21 EDT
Size:
13.37 KB
patch
obsolete
>+ org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > >AxisFault > > faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException > > faultSubcode: > > faultString: org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > faultActor: > > faultNode: > > faultDetail: > > {http://xml.apache.org/axis/}stackTrace:org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.service.ReportEngineService.throwDummyException(ReportEngineService.java:1115) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:943) > > at org.eclipse.birt.report.service.BirtViewerReportService.runAndRenderReport(BirtViewerReportService.java:973) > > at org.eclipse.birt.report.service.actionhandler.BirtRunAndRenderActionHandler.__execute(BirtRunAndRenderActionHandler.java:75) > > at org.eclipse.birt.report.service.actionhandler.AbstractBaseActionHandler.execute(AbstractBaseActionHandler.java:90) > > at org.eclipse.birt.report.presentation.aggregation.layout.RunFragment.doService(RunFragment.java:120) > > at org.eclipse.birt.report.presentation.aggregation.layout.FramesetFragment.service(FramesetFragment.java:86) > > at org.eclipse.birt.report.servlet.ViewerServlet.__doGet(ViewerServlet.java:178) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.doGet(BirtSoapMessageDispatcherServlet.java:156) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) > > at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.service(BirtSoapMessageDispatcherServlet.java:118) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.eclipse.birt.report.filter.ViewerFilter.doFilter(ViewerFilter.java:70) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) > > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) > > at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) > > at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783) > > at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > > at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789) > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) > > at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > >Caused by: org.eclipse.birt.report.engine.api.UnsupportedFormatException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.engine.api.impl.EngineTask.setupRenderOption(EngineTask.java:2178) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.doRun(RunAndRenderTask.java:94) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.run(RunAndRenderTask.java:74) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:937) > > ... 36 more > > > > {http://xml.apache.org/axis/}hostname:GDERENSH6ZJ5QD2 > > {}:org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.service.ReportEngineService.throwDummyException(ReportEngineService.java:1115) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:943) > > at org.eclipse.birt.report.service.BirtViewerReportService.runAndRenderReport(BirtViewerReportService.java:973) > > at org.eclipse.birt.report.service.actionhandler.BirtRunAndRenderActionHandler.__execute(BirtRunAndRenderActionHandler.java:75) > > at org.eclipse.birt.report.service.actionhandler.AbstractBaseActionHandler.execute(AbstractBaseActionHandler.java:90) > > at org.eclipse.birt.report.presentation.aggregation.layout.RunFragment.doService(RunFragment.java:120) > > at org.eclipse.birt.report.presentation.aggregation.layout.FramesetFragment.service(FramesetFragment.java:86) > > at org.eclipse.birt.report.servlet.ViewerServlet.__doGet(ViewerServlet.java:178) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.doGet(BirtSoapMessageDispatcherServlet.java:156) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) > > at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.service(BirtSoapMessageDispatcherServlet.java:118) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.eclipse.birt.report.filter.ViewerFilter.doFilter(ViewerFilter.java:70) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) > > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) > > at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) > > at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783) > > at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > > at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789) > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) > > at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > >Caused by: org.eclipse.birt.report.engine.api.UnsupportedFormatException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.engine.api.impl.EngineTask.setupRenderOption(EngineTask.java:2178) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.doRun(RunAndRenderTask.java:94) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.run(RunAndRenderTask.java:74) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:937) > > ... 36 more > > > > > >org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101) > > at org.eclipse.birt.report.utility.BirtUtility.makeAxisFault(BirtUtility.java:777) > > at org.eclipse.birt.report.service.actionhandler.AbstractBaseActionHandler.execute(AbstractBaseActionHandler.java:94) > > at org.eclipse.birt.report.presentation.aggregation.layout.RunFragment.doService(RunFragment.java:120) > > at org.eclipse.birt.report.presentation.aggregation.layout.FramesetFragment.service(FramesetFragment.java:86) > > at org.eclipse.birt.report.servlet.ViewerServlet.__doGet(ViewerServlet.java:178) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.doGet(BirtSoapMessageDispatcherServlet.java:156) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) > > at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) > > at org.eclipse.birt.report.servlet.BirtSoapMessageDispatcherServlet.service(BirtSoapMessageDispatcherServlet.java:118) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.eclipse.birt.report.filter.ViewerFilter.doFilter(ViewerFilter.java:70) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) > > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) > > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) > > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) > > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) > > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) > > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) > > at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) > > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) > > at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783) > > at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > > at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789) > > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) > > at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > at java.lang.Thread.run(Thread.java:745) > >Caused by: org.eclipse.birt.report.service.api.ReportServiceException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.service.ReportEngineService.throwDummyException(ReportEngineService.java:1115) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:943) > > at org.eclipse.birt.report.service.BirtViewerReportService.runAndRenderReport(BirtViewerReportService.java:973) > > at org.eclipse.birt.report.service.actionhandler.BirtRunAndRenderActionHandler.__execute(BirtRunAndRenderActionHandler.java:75) > > at org.eclipse.birt.report.service.actionhandler.AbstractBaseActionHandler.execute(AbstractBaseActionHandler.java:90) > > ... 33 more > >Caused by: org.eclipse.birt.report.engine.api.UnsupportedFormatException: The output format html';alert(1)// is not supported. > > at org.eclipse.birt.report.engine.api.impl.EngineTask.setupRenderOption(EngineTask.java:2178) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.doRun(RunAndRenderTask.java:94) > > at org.eclipse.birt.report.engine.api.impl.RunAndRenderTask.run(RunAndRenderTask.java:74) > > at org.eclipse.birt.report.service.ReportEngineService.runAndRenderReport(ReportEngineService.java:937) > > ... 36 more
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=279253">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 546816
: 279253
