Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed: Logout may create a "HTTP Status 500 - Internal Server Error" (OFBIZ-13136)
Using <tracking-mode>COOKIE</tracking-mode> did not work. A workaround is to check we don't need to handle the CVE-2024-32113, bypassing by using if (!requestUri.matches("/control/logout;jsessionid=[A-Z0-9]{32}\\.jvm1")) {
ff72e55
The "HTTP Status 500 - Internal Server Error" occurs for other requests as well (see attached snapshot from demo)!
Line 137 may be replaced with:
if (requestUri.matches(".*;jsessionid=[A-Z0-9]{32}\\.jvm1")) {
Hi @saicharanreddykowkuntla,
How did you get to have a jsessionid in this URL if not manually? TIA