Home > Support > Knowledge Base > Start

Pinned

Knowledgebase | News | Ask a Question | ...

Browse by category

How to implement remote code protection

Article ID: 2521

Last updated: 30 May, 2018

Article ID: 2521

Last updated: 30 May, 2018

Revision: 3

Views: 5660

Posted: 17 Jul, 2015
by Gargani A.

Updated: 30 May, 2018
by Gargani A.

Cause

A serious security vulnerability was recently found in our product. A remote, unauthenticated user can execute any Java code on the server.

The ilog.views.faces.IlvFacesController Servlet in jviews-framework-all.jar allows calling any other servlets on the classpath, even if they are not explicitly deployed exposing test servlets or administration servlets.

Resolving the problem

Starting from JViews 8.8 patch 21 and JViews 89 patch 1, the only kind of servlets that are allowed to be executed are:

servlets declared in web.xml
servlets which qualified name starts with ilog.views.faces.

If the you want to run another servlet you have to declare it in the IlvFacesController servlet parameter ilog.views.faces.ilvAuthorizedServletsList which holds a list of regular expressions.

Web.xml example: This would allow the execution of any servlet which name starts with bsh or toto

<servlet>
<servlet-name>Controller</servlet-name>
<servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
<init-param>
<param-name>ilog.views.faces.ilvAuthorizedServletsList</param-name>
<param-value>bsh.*,toto.*</param-value>
</init-param>
...

This article was: Helpful | Not helpful

Report an issue

Article ID: 2521

Last updated: 30 May, 2018

Revision: 3

Views: 5660

Posted: 17 Jul, 2015 by Gargani A.

Updated: 30 May, 2018 by Gargani A.

Also listed in

Visualizations -> JViews -> Charts

Visualizations -> JViews -> Diagrammer

Visualizations -> JViews -> Enterprise

Visualizations -> JViews -> Gantt

Visualizations -> JViews -> Maps

Visualizations -> JViews -> Maps for Defense

Visualizations -> JViews -> TGO

« How to correctly display a non-North aligned GeoTiff image in...

JViews installer is failling on windows with error "Windows... »

Others in this category

Collecting data for problems when using JViews products.

Collecting data for problems when using Elixir product.

Subclassing IlvBarChartRenderer,computeDataLabel() has no effect

Multiple tab browser support

Avoid HeadlessException when running JSF TGO component on headless environment

Software end of service: ILOG Visualization - Replacements available

Using Java and/or Swing objects in an IlvManager

Support drag-and-drop in ILOG JViews

JMenu or JPopupMenu "hidden" by the JViews IlvManagerView

Improve the application performance

Error "cannot find or create interactor nameOfInteractor" when using my own IlvObjectInteractor

My custom IlvManagerViewInteractor.processXXXEvent() methods are not being called

Adding a label to graphic object

The nodes size appear to be modified after applying a graph layout algorithm

Perform layout on views with transformers different than the identity

Map projections overview

Map Projections computed values bounds

Free maps to download

Map formats supported by JViews

Adding geographic positioning information to bitmaps

All you want to know about Shapefiles

Adding a listener on the IlvGanttChart's JSplitPane

Improve performance of my IlvGanttChart and IlvScheduleChart

Changing the default leaf icon of an IlvTreeColumn

Translate from mouse (x, y) coordinates to graphic objects and data model entities

Polyline link points management

Testing tools that can be used with JViews

Dump an IlvManager as an image file

IlvRectangle objects are not rotated or appear malformed when applying a rotation transformer

Support of TIFF files

IlvReliefLabel appears completely black

Table like class availability in JViews Framework

Mouse interaction with IlvGraphic objects

Use of IlvFixedSizeGraphic or IlvHalfZoomingGraphic to control an object's size when zooming

Display a vertical line in a JViews Gantt Chart to mark the current time

Display a threshold (as an horizontal line) in my chart

Finding the best way to enforce the logic implied by Gantt Chart constraints

Making a graphic object transparent, that is, control the alpha value or make it "see-through"

Making an interactor permanent

Running JViews servlets in a UNIX headless environment

Custom renderers and the Cascading Style Sheet (CSS)

Pie Chart legend customization

JViews framework and thread-safety

Dataset point label manipulation

Nodes decorations

Disable movements and other interactions of reservations on an IlvScheduleChart or activities on an IlvGanttChart

Scale units customization

Multiline nodes labels

Chart scale positioning

Extend IlvLegend to arrange items into colums corresponding to the appropriate y-axis

Subclassing IlvGeneralNode to add CSS parameters and change the node shape

Hide the root row of the JViews Gantt chart

Displaying a JComponent as a node in a nested graph

Subclassing IlvAxisTransformer to reduce periodical differently sized gaps

Localize an error in a MID or MIF file

Set the stacking order for Gantt activities

Load several .sdxl files into a single Gantt chart

Setting the icon for each node relative to the CSS file

Deep copy an IlvIcon so that the image inside it is also copied

Removing points from a chart

Enable internationalization in the MIDMIF reader

Subclassing IlvFilterGanttModel

Local-component tooltips in an SDM prototype

Using script code in my SVG file

Gantt Chart thin-client sample with custom server action

Drawing a graphical object in a map

Convert a JPEG, GIF or any other image into the IVL format using the JViews library

An empty chart is displayed when the chart contains only one data point with the bar renderer

Non-editable table columns in Gantt Chart

Mouse-wheel interaction in JViews graphs

Selecting and resizing nodes in an IlvSDMEngine object

Resizing an IlvJComponentGraphic only rescales the JComponent

IlvTextPath Sample

IlvZoomViewInteractor does not maintain the aspect ratio that was set on it

Specify the bubble size of Bubble Charts

JViews and the Export Control Classification Numbers (ECCN) under U.S. export regulation

Accessing and configuring JViews logging traces

Increasing the tooltip show time and initial delay time in IlvHierarchyChart

Tree Layout does not properly layout all the links as expected

Specify different marker types for each data point and have these markers appear in the legend

Memory keeps increasing as new IlvChart instances are created

Activate animation during a graph layout with JViews Diagrammer

Tree Graph with a tree nested grapher as a node

Performing graphlayout on subgraphs that are connected by intergraph links

Perform different graph layouts on nested graphers using XML and CSS

"Add or Remove Programs" shows a large disk usage for JViews products

Customize the chart decoration to draw a group of notes around a value of the abscissa axis

Disable reconnection of link to a new anchor node outside an existing SDM node

Filling the area that limited by two polylines

Sample demonstrates how to mark specific points dynamically through CSS

When the bounding box of an object in a grapher/manager changes, it seems to mess up the screen.

Polyline-like link customization through css

Edit and save an intermediate point of a polylink in the Designer

When using an IlvLogarithmicAxisTransformer and setting the data range on an IlvAxis, this range is not taken into account

Keeping the main view updated as the overview rectangle is being dragged

Find the version, minor version, and patch level of my JViews JARs

Eclipse platforms supported by JViews

Adding a vertical scrollbar to Gantt table in thinclient application

Filtering done at the data source level

Custom Property Sheet Table

Selection in Diagrammer/SDM often take a long time

Create an image of the entire data range

Message "Windows error 3 occurred while loading Java VM" when installing JViews

Creating multiline tooltip for an activity

Make the contents of a subgraph scrollable

Customizing the movements of activities in my Gantt Chart

Selecting data points in the chart

IlvDiagrammer.printToBitmap() method does not print all nodes in the diagram

CSS syntax to be used to specify a shape for a node

Adjusting the way JViews Charts writes out JPEG files

Getting or setting model properties via the API

Using an inner class with the CSS class property in data model

Exporting my Gantt chart to PDF

Making a Demographic Chart

Using the TRUNCATE and WORD_WRAP modes for my IlvGeneralNode and IlvSDMCompositeNode labels

Warning message: The data model property <property> does not exist?

My labels appear jagged or blurred when zoomed out

Rendering the border of Activities as dotted lines

Using API to access graphic properties specified in a CSS

Adding a new time scale at the bottom of the Gantt Sheet

Hiding properties in an IlvDiagrammerPropertySheet

IlvDiagrammer does not refresh after I update my icon files

Ajax used in JViews, and customizing Ajax-based features into a thin-client application

Change the font and color of a single cell or entire row in the Gantt Table

My nodes resized when I display them in a JSF environment

Counting the number of IlvGraphic objects currently visible in IlvManagerView

Patch installer hangs at the "Installing" step

Speed up CPU usage when using cyclic datasets

Reducing the CPU usage in real-time charts that are frequently updated

Create a java.net.URL to refer to a CSS in a .jar file

Extend the components of the Rich Web Charts framework

Customize the look of a selection

Change the default temporary-file directory used for JViews applications

Outline an IlvLabel

Creation and interaction of multi-points links in Diagrammer application

ClassCastException occurs when deploying Web application on the Tomcat server that came with the JViews distribution

Display the same order of data sets in the legend as in the Stacked chart area

Disable the time indicator during a reshape interaction

Displaying an image map for the title bar area of subgraphs in my JViews Diagrammer JSF Web application

Interest of the reference View of the SDM engine

Customize a charts symbol beyond the predefined parameters

Sample of interactor that handles multiple Y axes zooming

Slow response time when using interactor that involves drawing ghost rectangle

Using the dataLabels value in the IlvSwingTableDataSource as the labels of the X axis

The chart legend doesn't get repaint when changing chart renderer's style in SWT

Date Line Wrapping feature

JViews Maps polygons accuracy

Making a diagram's background transparent to show the HTML page's background image as the background image of the diagram

Use jvcf:chartSelectInteractor to select all points of a dataset in a JSF application

Changing the Equipment component layers policy

Degraded performance on remote Solaris machine vs local machine

Use of the API to switch off the frame, the fill or the icon of an App6a symbol

Retrieving a business object from a view interaction

Pack200 with signed JARs

Integrating JViews Framework link connectors in JViews TGO

Change the behavior of the IlvDiagrammerViewBar's zoom buttons to zoom and focus on the selected graphic objects

Populate an IlvSDMModel and create subgraphs programmatically

Select a link in an IlvLinkBundle

Getting the graphic representation of my IltNetworkElement.Type

Hello World sample for Rogue Wave JViews TGO

Hello World sample for JViews Charts

Drawing the activity name on top of the activity bar

Starting guide for using graph layout with JViews Diagrammer

Use of IlvFilterSDMRenderer to set the background of a grapher using a CSS property

Restrict the activity displacement/resize to a certain threshold to create a "snap" effect

Customizing the vertical lines of the gantt sheet

Difference between map layers and manager layers, and use in the IlvLayerTreePanel

Support for cloned actions in the IlvDashboardEditBar

Setting position of a symbol in the dashboard editor

Printing diagrammer view at current zoom level

Configure Eclipse to show JViews Javadoc

Usage of IlvHitmapDefinition class to customize a tooltip in JSF

PATH syntax for loading an image file into an IlvIcon instance

Control the deletion of some selected nodes in a JSF application

Unable to change the background color of the gantt's IlvTimeScale

Making the background of Gantt Sheet transparent

Silent JViews Installation

Hiding the label of IlvGeneralLink

SecurityException when using the latest jar files

Programmatically expanding subgraphs

Modify the keyboard shortcuts in Dashboard Editor

Symbol Editor: relative path for an icon parameter

Dashboard Editor Search Path for Palettes

Blink property of JViews objects does not work on JSF page

Extending the Symbol Editor with custom CSS functions

Symbol works fine in English locale but disappears in Turkish locale

Highlight row in the Gantt sheet of a Gantt chart when selecting an activity

ConcurrentModificationException during diagram refresh in a JSF application

Set a different background color for a specific interval in the gantt sheet

Getting the activity on which a Collapse/Expand event occurs in the Gantt table

Highlight the selected row of a gantt table in thin client environment

Configuring Transparency value of layers in Map Builder

Drawing a scale on every axis of a radar chart

Security warning when running JViews application with applet on Microsoft Windows operating system

Add App-6a symbol to palette bar

Multiple tab browser support

Control the visibility of the JSF JViews Gantt Chart root row

Control the visibility of IlvMapLayers depending on the scale

Always show the label on the activity in JViews Gantt

Override the resizable view in JViews JSF application

NotSerializableException when deploying chart/gantt/diagrammer on JSF

Setting the Date Format in the csv flat file

Prevent long labels on the horizontal axis from overlapping the 3D chart

Getting java.lang.NoClassDefFoundError: com/ibm/icu/util/ULocale after migrating to JViews 8.8

Display a label using IlvMakeMeasureInteractor when 2 points are really close to each other

Increase width of IltLink on mouse over

Hit-testing on various parts of a chart

Reading DWG files in JViews Enterprise

Customizing a predefined chart symbol in the distribution to use in Dashboard Editor

Signing JViews jars when distributing them with my application

Latest License Management System for ROGUEWAVE ILOG Visualization Products

Some Asiatic characters are not displayed

Select an activity and display popup menu with right click in thin client

java.io.IOException: reading encoded JPEG Stream messages in servlet logs

Customize tooltip text for SDM node

Setting different tooltips on JSF objects in the same jsp page

Render different colors for a symbol based on a property

Performance difference between THREADED_REDRAW and DIRECT_REDRAW mode

Special character is being added to node's label when exported to SVG file

Expand or collapse a subnetwork programmatically

Hard-coding the name of the icon in CSS

Step by step to deploy a JViews application under WebSphere Application Server 8.0

Usage example of IlvBusLayout

java.io.IOException: reading encoded JPEG Stream messages in servlet logs

Connecting data to multiple Y axis on chart

Retrieving WGS84 coordinates from an USRP map

Dynamically collapse objects with no new alarms and expand objects with new alarms by using CSS

Logging facility for JTGO

Implement dragging and dropping between the IlpTree and the IlpNetwork

Using TableCellEditors with the IlpTable

Implementing Alarm Propagation at the level of the data model

JViews TGO Faces Web application deployment in TOMCAT 5.x or 6.x

Disable sorting when clicking on the header of an IlpTable

My application is slow on remote displays

Using IltSettings.SetValue to change the graphic representation does not work

Usage of JTGO in a multithreaded application

Updating the style information through the API

Patch installer hangs at the "Installing" step

Is Rogue Wave JViews 100% Java coded?

Support of Java 2 platform SDKs by Rogue Wave JViews

Internationalization in Composer sample

JViews graphic objects do not derive from java.awt.Component or javax.swing.JComponent classes

Notification when a subnetwork is collapsed or expanded

Show only a selection of object hierarchies in the network

Dynamically expand/collapse a network element based on new alarms via CSS

Save and restore the state of a previously expanded subnetwork

Programmatically change a CSS graphic property of a business object

IlpTree is not re-sorted after a change to an object in the tree

Restrict panning to the boundaries of my Network or Equipment component

Setting an IlpGeographicPositionConverter via CSS

Load-On-Demand (LOD) mechanisms can be used with ILOG JTGO

Enable object interactor to work along with IlvManagerViewInteractor.

Difference between the methods performLayoutOnce and setNodeLayout

Calling fitTransformerToContents does not always work

Set a select interactor to a network

Display certain types of IltObject on top of another type of IltObject

Styling management evolution among versions

IlpEquipment-specific tips that can be used to improve performance

Object identifier for IlpObject

Objects alarm state in ILOG JTGO

Manipulate the size of the network element

Introduction to the JViews TGO layer policy

Subclasses of IlvManagerViewInteractor can be set to a network

The relationship between the classes IltObject, IlpObject, IlpClass and IlpRepresentationObject

Handle the visibility of the objects

Retrieving IlpGraphic or the IlvGraphic corresponding to an IltObject

Sample showing a network component with BTS elements

Customizing predefined interactor buttons on the toolbar

Filtering objects representation creation at datasource addition time

Tips to improve performance on IlpNetwork

Filtering techniques available with JViews TGO

Sample showing how zooming on a network component can affect the visibility of labels

Changing the appearance of the constraints in a Gantt chart

Implementing an information box on an IlvManagerView

An IltInvalidStateException is thrown when I call IltNetworkElement.setState(IltState state)

Sample showing a network component having two nodes and a link

Sample listing the IltcLayer and IlvManagerLayer layers of a network component

Set the relative size of the Diagrammer in JSF

Vertical layout of an activity in a Gantt row

Redrawing a specific part or the entire IlvChart

Configure Map Builder to support relative path for the points image source property

Translating the printing dialogs

Gantt data model entities deprecation

Customizing the Gantt Time Scale

Customize a view template implementation given in an Application Framework application

Manager layer accessibility

Creating one bar chart from several data sources

Moving the submanager when an internal object is moved

Menu-controlled visibility of a prototype having a multirep behavior

Setting margins of a diagram, for example after a graph layout

Diagrammer building based on flat files

Obtaining latitude and longitude coordinates given a city name or postal code

Make objects blink in an application

Multiple stacked bar charts along the z-axis

Expanding or collapsing subgraphs in thin-client applications

Accessing the scrollbars of IlvHierarchyChart

Preserve the position of a node in a hierarchical layout after the node has been replaced

IlvGeneralNode will not redraw correctly after changing any of the property

Globally defining by code a chart property that is not specific to a series, and that is evaluated in the .css

Make the select interactor select an object that intersects the drag rectangle

Specify slice colors in a pie chart using CSS

Draw a bi-directional link in JViews

Customize a JToolTip for an IlvDiagrammer

JSF Gantt: pattern format for dates in the JSF Tags

Changing the tooltip style when using jvf:tooltipInteractor

Adding the DeploymentLicenseRequired declaration in JSF Web Application (Only Apply to 8.7 & 8.8)

How to correctly display a non-North aligned GeoTiff image in JViews Maps

JViews installer is failling on windows with error "Windows error 2 occured while loading the java VM"

how to update my code to adapt to the new precision of JViews 2017

Powered by KBPublisher (Knowledge base software)