My Oracle Support Banner

Error message displayed on UI has technical information (Doc ID 2787707.1)

Last updated on JULY 05, 2021

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.0.0 and later
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOUR
While accessing any resource under OFSAA context (eg: [https://<WEBSERVER_HOSTNAME>:/CONTEXT_NAME/WEB-INF/web.xml], it displays technical information like Webserver type/webserver version.




EXPECTED BEHAVIOUR
While accessing any resource under OFSAA context (eg: [https://<WEBSERVER_HOSTNAME>:/CONTEXT_NAME/WEB-INF/web.xml] it should error out with custom error page(Generic error message)

STEPS TO REPRODUCE:
Upon logging in and closing the session and re-entering the URL as below in new tab, it would give generic error message like "Invalid request/Error while processing the request" which is expected.
https://<WEBSERVER_HOSTNAME>:/CONTEXT_NAME/WEB-INF/web.xml]
However, once after clearing the browser cache and hitting URL directly (https://<WEBSERVER_HOSTNAME>:/CONTEXT_NAME/WEB-INF/web.xml], it throws HTTP 404 error and display webserver type and its version as above.

BUSINESS IMPACT:
Technical information leakage.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.