Re: Weird behavior with new 9.x Hotfix

2016-02-18 Thread Warren R. Baltimore II
If it is the report, it's an issue with the report tool.  These are all
"Web" reports that work on the unpatched server, but not the patched.  To
simplify, I just created a simple report that only has the Assigned Group
field.  The error is triggered when a user either searches the help desk
form for all tickets that are assigned to a group that starts with the
letter "U", and then attempts to run the report against the results.  The
other way to trigger it is to override any embedded search and use the
"Show Additional Filter" feature.  Pulling back any Help desk tickets that
have an assigned group name that starts with "U".

I included the .rptdesign file for this.

Luckily, BMC has actually seen this behavior already with another customer
(for that customer, it is an issue with the company name that begins with
"U").

On Thu, Feb 18, 2016 at 9:40 AM, Jain, Gourav wrote:

> Warren, this problem is occurring because some unescaped character exists in
> your report parameters.
>
> You have some unescaped char value in the report parameters. Provide us the
> report parameters for the problematic report.
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *Warren R. Baltimore II
> *Sent:* 18 February 2016 00:05
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: Weird behavior with new 9.x Hotfix
>
> Yep...  My thoughts also.  I just got off the phone with BMC and they do
> have 1 other customer on an 8.x mid tier experiencing a similar issue
> (Company name this time is the trigger...also starts with "U".).
>
>
> On Wed, Feb 17, 2016 at 12:27 PM, LJ LongWing wrote:
>
> LOL Warren, I'm sorry...but this obviously has something to do with the
> Mid-Tier trying to 'escape' a group name starting with U thinking that it's
> a unicode 'code' (http://unicode-table.com/en/)...no clue why that's
> happening of course, but BMC will be the only ones able to fix this
> particular problem.
>
>
>
> On Wed, Feb 17, 2016 at 10:14 AM, Warren R. Baltimore II <
> warrenbaltim...@gmail.com> wrote:
>
> Oh, and this behavior happens regardless of the report type...could be Web
> or AR System (we don't use the Crystal reports).
>
>
>
> On Wed, Feb 17, 2016 at 12:12 PM, Warren R. Baltimore II <
> warrenbaltim...@gmail.com> wrote:
>
> We recently installed a hotfix on the midtier to resolve a number of
> issues.  In the process though, it seems to have created havoc with some of
> our reporting.
>
> Specifics first!
>
> ARS 9.0.01/ITSM 9.0.01
>
> Mid tier hotfix 9.0.01 201512181241
>
>
>
> Windows 2008 r2 servers (3 app servers and 3 mid tier)
>
> Apache Tomcat 7.0.62
>
> Java V 8u66
>
> We have a group called "UFMS".
>
> They have a report that is designed to bring back open tickets for that
> group.
>
> When you run the report from the report console where assigned group is
> "UFMS", we receive the following error:
> HTTP Status 500 - Unable to parse unicode value: fms\
> --
>
> *type* Exception report
>
> *message* *Unable to parse unicode value: fms\*
>
> *description* *The server encountered an internal error that prevented it
> from fulfilling this request.*
>
> *exception*
>
> org.apache.commons.lang.exception.NestableRuntimeException: Unable to parse unicode value: fms\
>    org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:337)
>    org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:287)
>    com.remedy.arsys.support.Validator.URLParamHasXSSTag(Validator.java:219)
>    com.remedy.arsys.stubs.AuthenticationHelperServlet.setupEnv(AuthenticationHelperServlet.java:143)
>    com.remedy.arsys.stubs.AuthenticationHelperServlet.doRequest(AuthenticationHelperServlet.java:78)
>    com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
>    com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
>    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>    com.remedy.arsys.stubs.ReportServlet.doRequest(ReportServlet.java:80)
>    com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
>    com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
>    javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>    javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>    com.remedy.arsys.stubs.TenancyFilter.doFilter(TenancyFilter.java:49)
>
> *root cause*
>
> java.lang.NumberFormatException: For input string: "fms\"
>    java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
>    java.lang.Integer.parseInt(Integer.java:580)
>
>
> 

Re: Weird behavior with new 9.x Hotfix

2016-02-18 Thread Jain, Gourav
Warren, this problem is occurring because some unescaped character exists in your
report parameters.
You have some unescaped char value in the report parameters. Provide us the report
parameters for the problematic report.
From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Warren R. Baltimore II
Sent: 18 February 2016 00:05
To: arslist@ARSLIST.ORG
Subject: Re: Weird behavior with new 9.x Hotfix

Yep...  My thoughts also.  I just got off the phone with BMC and they do have 1 
other customer on an 8.x mid tier experiencing a similar issue (Company name 
this time is the trigger...also starts with "U".).

On Wed, Feb 17, 2016 at 12:27 PM, LJ LongWing wrote:
LOL Warren, I'm sorry...but this obviously has something to do with the
Mid-Tier trying to 'escape' a group name starting with U thinking that it's a 
unicode 'code' (http://unicode-table.com/en/)...no clue why that's happening of 
course, but BMC will be the only ones able to fix this particular problem.

On Wed, Feb 17, 2016 at 10:14 AM, Warren R. Baltimore II wrote:
Oh, and this behavior happens regardless of the report type...could be Web or 
AR System (we don't use the Crystal reports).

On Wed, Feb 17, 2016 at 12:12 PM, Warren R. Baltimore II wrote:
We recently installed a hotfix on the midtier to resolve a number of issues.  
In the process though, it seems to have created havoc with some of our 
reporting.
Specifics first!
ARS 9.0.01/ITSM 9.0.01
Mid tier hotfix 9.0.01 201512181241

Windows 2008 r2 servers (3 app servers and 3 mid tier)
Apache Tomcat 7.0.62
Java V 8u66
We have a group called "UFMS".
They have a report that is designed to bring back open tickets for that group.
When you run the report from the report console where assigned group is "UFMS", 
we receive the following error:
HTTP Status 500 - Unable to parse unicode value: fms\

type Exception report

message Unable to parse unicode value: fms\

description The server encountered an internal error that prevented it from
fulfilling this request.

exception

org.apache.commons.lang.exception.NestableRuntimeException: Unable to parse unicode value: fms\
   org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:337)
   org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:287)
   com.remedy.arsys.support.Validator.URLParamHasXSSTag(Validator.java:219)
   com.remedy.arsys.stubs.AuthenticationHelperServlet.setupEnv(AuthenticationHelperServlet.java:143)
   com.remedy.arsys.stubs.AuthenticationHelperServlet.doRequest(AuthenticationHelperServlet.java:78)
   com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
   com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
   org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
   com.remedy.arsys.stubs.ReportServlet.doRequest(ReportServlet.java:80)
   com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
   com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
   org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
   com.remedy.arsys.stubs.TenancyFilter.doFilter(TenancyFilter.java:49)

root cause

java.lang.NumberFormatException: For input string: "fms\"
   java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
   java.lang.Integer.parseInt(Integer.java:580)
   org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:331)
   org.apache.commons.lang.StringEscapeUtils.unescapeJava(StringEscapeUtils.java:287)
   com.remedy.arsys.support.Validator.URLParamHasXSSTag(Validator.java:219)
   com.remedy.arsys.stubs.AuthenticationHelperServlet.setupEnv(AuthenticationHelperServlet.java:143)
   com.remedy.arsys.stubs.AuthenticationHelperServlet.doRequest(AuthenticationHelperServlet.java:78)
   com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
   com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
   org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
   com.remedy.arsys.stubs.ReportServlet.doRequest(ReportServlet.java:80)
   com.remedy.arsys.stubs.GoatHttpServlet.postInternal(GoatHttpServlet.java:98)
   com.remedy.arsys.stubs.GoatHttpServlet.doPost(GoatHttpServlet.java:62)
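
An added illustration of the failure mode in the stack trace above (not code from BMC, commons-lang, or any poster in this thread): a strict decoder hands the four characters after `\u` to `Integer.parseInt`, so a parameter containing `\ufms\` raises the error reported here, while a decoder that first checks for four hex digits keeps the malformed sequence as literal text and still decodes well-formed escapes before the tag check. The class and method names, the `<script` check and both sample values are assumptions constructed for this example.

```java
// Added illustration; not BMC or commons-lang source. All names are hypothetical.
public class UnescapeProbe {
    // Strict decoding as the stack trace implies: the four characters after
    // backslash-u are parsed as hex, and a parse failure aborts the request.
    static String strictUnescape(String s) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            if (!s.startsWith("\\u", i)) { out.append(s.charAt(i)); continue; }
            String hex = s.substring(i + 2, Math.min(i + 6, s.length()));
            try {
                if (hex.length() < 4) throw new NumberFormatException(hex);
                out.append((char) Integer.parseInt(hex, 16));
            } catch (NumberFormatException e) {
                throw new RuntimeException("Unable to parse unicode value: " + hex, e);
            }
            i += 5; // skip the escape just consumed
        }
        return out.toString();
    }

    // Tolerant decoding: only a backslash-u followed by four hex digits is an
    // escape; anything else is ordinary text and is copied through unchanged.
    static String lenientUnescape(String s) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            boolean esc = s.startsWith("\\u", i) && isHex4(s, i + 2);
            out.append(esc ? (char) Integer.parseInt(s.substring(i + 2, i + 6), 16) : s.charAt(i));
            if (esc) i += 5;
        }
        return out.toString();
    }

    static boolean isHex4(String s, int from) {
        if (from + 4 > s.length()) return false;
        for (int i = from; i < from + 4; i++)
            if (Character.digit(s.charAt(i), 16) < 0) return false;
        return true;
    }
    // Stand-in for the validator's tag check, which the thread does not show.
    static boolean hasScriptTag(String param) {
        return lenientUnescape(param).toLowerCase(java.util.Locale.ROOT).contains("<script");
    }
    public static void main(String[] args) {
        String group = "\\ufms\\";               // constructed: matches the error text
        String encoded = "\\u003cscript\\u003e"; // constructed: well-formed escapes
        System.out.println(hasScriptTag(group) + " " + hasScriptTag(encoded));
        try { strictUnescape(group); } catch (RuntimeException e) { System.out.println(e.getMessage()); }
    }
}
```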

   

Authentication Strings in WSDL as Secure Strings

2016-02-18 Thread Madhu V
Hi,
 
We have an integration of BMC Remedy 8.1v with a home-grown .Net application
through Webservices. The third-party application has found a vulnerability in the
WSDL and has recommended that we make the Password a SecureString. The WSDL
generates the Authentication string (Username/Password) automatically and the
developers will not have any control over this. Is there any option to make
these Authentication strings SecureStrings?
 
Regards
Madhu

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"