Request to changing error message in ud agent

Idea ID 2799053

Request to changing error message in ud agent

The ucmdb version is 10.33.

The client thinks that different error pages appear depending on the presence or absence of the web page, which is vulnerable to security in ud agent.

So the client wants to change the error message to be consistent regardless of whether the page exists or not.

Please refer to the attachement for details.

 

1.jpg

 

 

2 Comments
Micro Focus Expert
Micro Focus Expert
Status changed to: Needs Clarification

I've sent a note to the author asking for more details or a ticket number as I am struggling understanding the request.

Micro Focus Expert
Micro Focus Expert
Status changed to: Already Offered

I chatted for awhile with our experts.  They did indicate that version 10.33 experiences the problems you describe.

However, more recent versions of CMS now react differently.  I have access to our release from May 2019, and I can confirm I see this improved behavior from that version, as well as the most recent version 2020.05 (so I assume it’s the same for all versions in between).

For example

For normal pages like ucmdb-ui or ucmdb-browser if url is not ok it will redirect to login page.  If one accesses :

  • https::/cms-server:8443/ucmdb-browser/cvcxvcxlogin_padfdfdge.jsp?forwarURlForLoginPageParam=%2Fucmdb-ui%2Flogin_page333.jspà  basically invalid page, response code is 200 and redirected to login page
  • https::/cms-server:8443/ucmdb-browser/ucmdb_browser/asdasdasdas2232  à as above it returns 200 and redirects to login
  • https::/cms-server:8443/ucmdb-browser/  is the normal login so again 200
  • https::/cms-server:8443/ucmdb-ui/login_page.jsp is old applet login and returns 200
  • https::/cms-server:8443/ucmdb-ui/login_pa3434ge.jsp  returns 302 (found) and redirects to login page
  • https::/cms-server:8443/ucmdb-docs/docs/eng/doc_lib/Content/testjsp    (not valid )  or https::/cms-server:8443/ucmdb-docs/docs/eng/doc_lib/  (valid)  both return 401 now if not authenticated

At this point, we would not go back and resolve this in 10.33 as the fix for the customer is to upgrade to one of the later versions.

About the Author
Bill has over 26 years of experience in the IT industry focusing on providing business solutions utilizing HPE Software’s tools at enterprise scale. He comes from the HPE-IT organization where he managed the first deployment of HPSC (now HPSM) and then later UCMDB with its discovery partner UD. Bill also managed a team of IT Developers, who created customized configuration management solutions for HPE-IT and HPE’s ES clients.
Most "Liked" Contributors
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.