Error 500: Illegal block size

Article ID: 375187

Products

CA Identity Suite

Issue/Introduction

Security penetration testing determined that sending certain parameters to IDM results in IDM throwing a 500 error and displaying a stack trace. For example, a request to

https://idm.test.com/iam/im/identityEnv/ui7/index.jsp?javax.faces.ViewState=abcdefg

displays the following error:

Exception during page display:

javax.servlet.jsp.JspException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
	at com.netegrity.taglib.skin.TagUtilLocal.jsfProcessing(TagUtilLocal.java:447)
...

Environment

IM 14.4 SP2

Resolution

The fix for 14.4 SP2 (non-vAPP) is a new Error 500 page: instead of a code stack trace, the user sees a generic "Internal Server Error."

The fix is expected to be included in 14.5 SP2. Please contact Support for the hotfix for 14.4.2 (DE605511_IM1442NONVapp_HF.zip) or other versions.
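
A regression check for the behaviour this fix changes, as an added example that is not part of the original article or the hotfix: it scans a saved response body for Java exception class names and stack frames. The function names and the AFTER page are assumptions constructed here; the BEFORE sample is the error output quoted above.

```python
import re

# Fully qualified Java exception name, e.g. javax.crypto.IllegalBlockSizeException
EXCEPTION_RE = re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")
# Stack frame, e.g. "at pkg.Class.method(Class.java:447)"
FRAME_RE = re.compile(r"\bat\s+((?:[\w$]+\.)+[\w$<>]+)\(([\w$]+\.java):(\d+)\)")

# BEFORE: the error output quoted in this article.
BEFORE = (
    "Exception during page display:\n\n"
    "javax.servlet.jsp.JspException: javax.crypto.IllegalBlockSizeException: "
    "Input length must be multiple of 16 when decrypting with padded cipher\n"
    "\tat com.netegrity.taglib.skin.TagUtilLocal.jsfProcessing(TagUtilLocal.java:447)\n"
)
# AFTER: constructed sample of a generic error page (markup is an assumption).
AFTER = "<html><body><h1>Internal Server Error</h1></body></html>"


def find_trace_leaks(body):
    """Return exception class names and (method, file, line) frames found in body."""
    exceptions = sorted(set(EXCEPTION_RE.findall(body)))
    frames = [(m.group(1), m.group(2), int(m.group(3)))
              for m in FRAME_RE.finditer(body)]
    return {"exceptions": exceptions, "frames": frames}


def leaks_stack_trace(body):
    """True if the body exposes any Java exception name or stack frame."""
    found = find_trace_leaks(body)
    return bool(found["exceptions"] or found["frames"])


if __name__ == "__main__":
    for name, body in (("before", BEFORE), ("after", AFTER)):
        print(name, leaks_stack_trace(body), find_trace_leaks(body))
```

Run it against response bodies saved from a test environment before and after applying the hotfix; the generic page should yield no exception names and no frames.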