Dear managers,
I was access build https://build.pmease.com/build/aaa.
Quickbuild links are easy to break and expose exception information. In addition, the even more "troubling" information exposure is giving a list of detailed info on server info like OS, user etc. This is rather dangerous for exploiting quickbuild servers including unauthorised users, attackers who have penetrated the network and try to escalate their attack etc.
Error detail:
Error Details:
Message: Can't instantiate page using constructor 'public com.pmease.quickbuild.web.page.build.BuildPage(org.apache.wicket.request.mapper.parameter.PageParameters)' and argument '0=[aaa], '. Might be it doesn't exist, may be it is not visible (public).
Root cause:
java.lang.NumberFormatException: For input string: "aaa"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:589)
at java.lang.Long.valueOf(Long.java:803)
at com.pmease.quickbuild.web.page.build.BuildPage.getConfigurationId(BuildPage.java:124)
at com.pmease.quickbuild.web.page.build.BuildPage.<init>(BuildPage.java:172)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:173)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:97)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:47)
at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:107)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:273)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:167)
at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:105)
at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:182)
at org.apache.wicket.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:147)
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:719)
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:63)
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:210)
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:253)
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:162)
at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at com.pmease.quickbuild.web.MainServlet.service(MainServlet.java:135)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.eclipse.equinox.http.helper.FilterServletAdaptor$FilterChainImpl.doFilter(FilterServletAdaptor.java:56)
at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:83)
at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:365)
at org.eclipse.equinox.http.helper.FilterServletAdaptor.service(FilterServletAdaptor.java:37)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
at com.pmease.quickbuild.Quickbuild$DisableTraceFilter.doFilter(Quickbuild.java:1178)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:499)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:258)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:821)
Complete stack:
org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor 'public com.pmease.quickbuild.web.page.build.BuildPage(org.apache.wicket.request.mapper.parameter.PageParameters)' and argument '0=[aaa], '. Might be it doesn't exist, may be it is not visible (public).
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:196)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:97)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:47)
at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:107)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:273)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:167)
at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:105)
at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:182)
at org.apache.wicket.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:147)
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:719)
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:63)
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:210)
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:253)
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:162)
java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedConstructorAccessor242.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:173)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:97)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:47)
at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:107)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:273)
at org.apache.wicket.request.handler.PageProvider.getPageInstance(PageProvider.java:167)
at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:105)
at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:182)
at org.apache.wicket.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:147)
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:719)
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:63)
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:210)
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:253)
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:162)
Do you any solution for it ?