[Bug 54421] New: JMXRemoteLifeCycleListener - jmx.remote.authenticate value not working when there is a trailing space

bugzilla Tue, 15 Jan 2013 09:09:53 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=54421


            Bug ID: 54421
           Summary: JMXRemoteLifeCycleListener - jmx.remote.authenticate
                    value not working when there is a trailing space
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
                OS: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]
    Classification: Unclassified

Created attachment 29853
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29853&action=edit
Trivial patch for triming the value before parsing

When using tomcat as a service on windows, and configuring JMX with
JMXRemoteLifeCycleListener via the JVM options tab, if a trailing space is
present then java parses it as false which could lead to a potential
vulnerability.

I made a trivial patch for tomcat trunk (taking only space into account), but
i'm not sure if it should be declared as a commons-daemon bug ?

I can make a patch to assure the value is true if one of a property
*.jmx.remote.file.access or *.jmx.remote..file.password is present which should
probably be better but could potentially have side effect.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 54421] New: JMXRemoteLifeCycleListener - jmx.remote.authenticate value not working when there is a trailing space

Reply via email to