[CONFSERVER-9718] DWR debug mode is enabled

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.6.1
Affects Version/s: 2.6.0
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

This gives a potential attacker lots of information about available AJAX request handlers in Confluence.

is duplicated by

CONFSERVER-9727 Security Issue: Access to wiki pages, although anonymous access is disabled

Closed

Paul Curren added a comment - 19/Nov/2007 1:16 AM

If you need to manually fix this problem on your instance you should edit the <confluence install>/confluence/WEB-INF/web.xml and locate the following lines -

<servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class>
    <init-param>
    <param-name>debug</param-name>
    <param-value>true</param-value>
 </init-param>

Change the param-value to false.

Paul Curren added a comment - 19/Nov/2007 1:16 AM If you need to manually fix this problem on your instance you should edit the <confluence install>/confluence/WEB-INF/web.xml and locate the following lines - <servlet-class>uk.ltd.getahead.dwr.DWRServlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>true</param-value> </init-param> Change the param-value to false .

Christopher Owen [Atlassian] added a comment - 16/Oct/2007 5:19 AM - edited

Yes, needless to say we should not have debug modes enabled by default on shipped products anywhere. Might be useful to hook this mode into Confluence's developer run mode.

Christopher Owen [Atlassian] added a comment - 16/Oct/2007 5:19 AM - edited Yes, needless to say we should not have debug modes enabled by default on shipped products anywhere. Might be useful to hook this mode into Confluence's developer run mode.

Matt Ryall added a comment - 16/Oct/2007 1:52 AM

Quick review from Chris would be good so he's aware of the problem.

Matt Ryall added a comment - 16/Oct/2007 1:52 AM Quick review from Chris would be good so he's aware of the problem.

Assignee:: Christopher Owen [Atlassian]

Reporter:: Matt Ryall

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 16/Oct/2007 1:27 AM

Updated:: 11/Oct/2018 8:39 AM

Resolved:: 16/Oct/2007 5:19 AM

Confluence Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Paul Curren added a comment - 19/Nov/2007 1:16 AM

Expand comment: Paul Curren added a comment - 19/Nov/2007 1:16 AM

Collapse comment: Christopher Owen [Atlassian] added a comment - 16/Oct/2007 5:19 AM, Edited by Paul Curren - 18/Nov/2007 11:17 PM

Expand comment: Christopher Owen [Atlassian] added a comment - 16/Oct/2007 5:19 AM, Edited by Paul Curren - 18/Nov/2007 11:17 PM

Collapse comment: Matt Ryall added a comment - 16/Oct/2007 1:52 AM

Expand comment: Matt Ryall added a comment - 16/Oct/2007 1:52 AM

People

Dates