https://issues.apache.org/bugzilla/show_bug.cgi?id=54421

            Bug ID: 54421
           Summary: JMXRemoteLifeCycleListener - jmx.remote.authenticate
                    value not working when there is a trailing space
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
                OS: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: cedric.coura...@gmail.com
    Classification: Unclassified

Created attachment 29853
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29853&action=edit
Trivial patch for trimming the value before parsing

When using Tomcat as a service on Windows, and configuring JMX with
JMXRemoteLifeCycleListener via the JVM options tab, if a trailing space is
present then Java parses it as false, which could lead to a potential
vulnerability.

I made a trivial patch for Tomcat trunk (taking only spaces into account), but
I'm not sure if it should be declared as a commons-daemon bug?

I can make a patch to ensure the value is true if one of the properties
*.jmx.remote.file.access or *.jmx.remote..file.password is present, which should
probably be better but could potentially have side effects.

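The failure mode reported above, as an added example (not part of the bug report, its attachment, or Tomcat's code): `Boolean.parseBoolean` returns false for `"true "`, so this sketch trims the value and rejects anything it does not recognize instead of silently treating it as false. The class, method and option names and the default of `true` are assumptions made for the illustration.

```java
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not Tomcat code.
public class StrictBooleanOption {

    /**
     * Parses a security-relevant boolean option. Surrounding whitespace is
     * trimmed, and anything other than "true" or "false" is rejected instead
     * of silently becoming false.
     */
    static boolean parseStrict(String name, String raw, boolean defaultValue) {
        if (raw == null) {
            return defaultValue; // option not set at all
        }
        String v = raw.trim().toLowerCase(Locale.ROOT);
        switch (v) {
            case "true":
                return true;
            case "false":
                return false;
            default:
                // Brackets make stray whitespace visible in the error message.
                throw new IllegalArgumentException(
                        "Invalid boolean for " + name + ": [" + raw + "]");
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the value as it arrives with a trailing space.
        String raw = "true ";

        // Boolean.parseBoolean accepts only the exact string "true"
        // (ignoring case), so the trailing space turns the option off.
        System.out.println("parseBoolean: " + Boolean.parseBoolean(raw));
        System.out.println("parseStrict:  " + parseStrict("authenticate", raw, true));

        // A misspelled value fails loudly at startup rather than
        // disabling authentication without any notice.
        try {
            parseStrict("authenticate", "ture", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```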