How do you Make Error 500 Page for "/bea_wls_internal/HTTPClntSend" Hidden (Doc ID 2091919.1)

Last updated on JUNE 25, 2017

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Goal

When you navigate to URL "http://[server]:[port]/bea_wls_internal/HTTPClntSend", error 500 page appears with Weblogic Server Java code stack trace as below.

Error 500--Internal Server Error

java.lang.IllegalArgumentException
at javax.servlet.http.HttpUtils.parseQueryString(HttpUtils.java:103)
at weblogic.rjvm.http.Utils.getQueryStringParameter(Utils.java:97)
at weblogic.rjvm.http.Utils.getConnectionFromID(Utils.java:55)
at weblogic.rjvm.http.TunnelSendServlet.service(TunnelSendServlet.java:16)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

It looks like a weak security issue.  How can you make this stack trace hidden from client ? 

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms