-
Bug
-
Resolution: Fixed
-
Low
-
7.4.3
-
2
-
Severity 3 - Minor
-
Issue Summary
Adding an extra forward slash '/' in the download attachment URL results in a stack trace.
Steps to Reproduce
- Append an extra slash to a download attachment URL, similar to this:
http://<base_url>:<port>/<context_path>//download/attachments
Expected Results
A 'page not found', 404 or similar error displays.
Actual Results
A stack trace is thrown pointing to an NPE:
java.lang.NullPointerException at com.atlassian.confluence.servlet.download.AttachmentDownload.getStreamForDownload(AttachmentDownload.java:118) at com.atlassian.confluence.servlet.download.ServeAfterTransactionDownload$StreamResultCallback.doInTransaction(ServeAfterTransactionDownload.java:111) at com.atlassian.confluence.servlet.download.ServeAfterTransactionDownload$StreamResultCallback.doInTransaction(ServeAfterTransactionDownload.java:94) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) at com.atlassian.confluence.servlet.download.ServeAfterTransactionDownload.getStreamInTransaction(ServeAfterTransactionDownload.java:39) at com.atlassian.confluence.servlet.download.ServeAfterTransactionDownload.serveFile(ServeAfterTransactionDownload.java:45) at com.atlassian.plugin.servlet.AbstractFileServerServlet.doGet(AbstractFileServerServlet.java:28) at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.atlassian.confluence.web.filter.DebugFilter.doFilter(DebugFilter.java:46) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:39) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.lambda$doFilter$0(DelegatingPluginFilter.java:57) at com.atlassian.confluence.image.effects.ImageFilterFilter.doFilter(ImageFilterFilter.java:43) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:62) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:37) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.lambda$doFilter$0(DelegatingPluginFilter.java:57) at com.atlassian.confluence.plugins.baseurl.IncludeResourcesFilter.doFilter(IncludeResourcesFilter.java:52) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32)
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available.
- is related to
-
-
- Closed
-
- follows
-
VULN-352544 Loading...
- links to
