Return 400 status for invalid URI #25291
Assignees
Labels
in:Web Components
release bug
This bug is present in a released version of Open Liberty
release:23009
team:Sirius
Projects
Milestone
Comments
pmd1nh
added
the
release bug
pnicolucci
modified the milestones:
[Iteration 23.12] Jun 5 - Jun 16,
[Iteration 23.13] Jun 19 - Jun 30
pnicolucci
modified the milestones:
[Iteration 23.13] Jun 19 - Jun 30,
[Iteration 23.14] Jul 3 - Jul 14
pnicolucci
modified the milestones:
[Iteration 23.14] Jul 3 - Jul 14,
[Iteration 23.15] Jul 17 - Jul 28
pnicolucci
modified the milestones:
[Iteration 23.15] Jul 17 - Jul 28,
[Iteration 23.16] Jul 31 - Aug 11
pnicolucci
modified the milestones:
[Iteration 23.16] Jul 31 - Aug 11,
[Iteration 23.17] Aug 14 - Aug 25
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
com.ibm.ws.webcontainer.set400SCOnTooManyParentDirs="true" does not have an effect. Default value is false.
Also need a shortname for it in Liberty
Steps to Reproduce
When a request URI has too many traverse path characters (i.e /contextRoot/../../../../../index.jsp ), the request is rejected with a 500 status code. It should have rejected with a 400 (Bad Request).
Expected behavior
After set com.ibm.ws.webcontainer.set400SCOnTooManyParentDirs="true", request with too many path traversal character (i.e /../../ ) should be returned with 400 Bad Request.
Diagnostic information:
Additional context
Note: Servlet-6.0+ returns 400 Bad Request without any additional property.
The text was updated successfully, but these errors were encountered: