Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.9.3
-
None
-
None
-
None
-
*
Description
By adding the characters ;?[ to the end of a URL (before URL parameters, if there are any) on an application running BeanUtils, you are able to cause an HTTP error 500 on the application. Here is the stack trace:
java.lang.IllegalArgumentException: Missing End Delimiter
at org.apache.commons.beanutils.expression.DefaultResolver.getIndex(DefaultResolver.java:90)
at org.apache.commons.beanutils.BeanUtilsBean.setProperty(BeanUtilsBean.java:913)
at org.apache.commons.beanutils.BeanUtilsBean.populate(BeanUtilsBean.java:823)
at org.apache.commons.beanutils.BeanUtils.populate(BeanUtils.java:431)
at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:493)
at org.apache.struts.action.RequestProcessor.processPopulate(RequestProcessor.java:816)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:203)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)