tracker issue : CF-3185305

select a category, or use search below
(searches all categories and all time range)
Title:

RE: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Steve Sommers / Steve Sommers (Steve Sommers)

Created: 05/08/2012

Components: Security

Versions: 9.0.1

Failure Type: Unspecified

Found In Build/Fixed In Build: 9.0.1 /

Priority/Frequency: Trivial / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 0

Duplicate ID:	CF-3137285

Problem Description: Uninformative error response and no logging.

Steps to Reproduce: Install the above reference patch and send a request that exceeds the default number of fields.

Actual Result: HTTP STATUS 500: Internal error

Expected Result: HTTP STATUS 400: Bad request -- and a log entry somewhere

Any Workarounds: None

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3185305

External Customer Info:
External Company:  
External Customer Name: Steve Sommers
External Customer Email:  
External Test Config: My Hardware and Environment details: Windows 2008 Server R2 / IIS 7.5 (I think but does not matter)

Attachments:

Comments:

We installed this in our test environment and it worked as advertised BUT I have two questions: Why did you choose to throw a http status 500 "Internal Error" exception (as opposed to picking another number like 400 "Bad Request") and can this be changed? The status code 500 error appear to be a catch all for anything not categorized and because of this they are the hardest to diagnose. Just look in these forums and you'll find several unrelated 500 threads. And BTW, I looked in every log file I could find and there was no reference to the error or what was causing the 500 (as per most all 500 errors).
Comment by External U.
19500 | May 08, 2012 05:50:46 PM GMT