czw., 25 mar 2021 o 11:12 Greg Huber <gregh3...@gmail.com> napisał(a):
>
> Seem to be getting lots of these log warnings recently. Anything to
> worry about?
>
> 2021-03-24 12:29:40,439 WARN
> com.opensymphony.xwork2.interceptor.ParametersInterceptor
> ParametersInterceptor:isWithinLengthLimit - Parameter
> [redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#res.setCharacterEncoding("UTF-8"),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#res.getWriter().print("xfdir"),#res.getWriter().print("xfdir:"),#res.getWriter().println(#req.getSession().getServletContext().getRealPath("/")),#res.getWriter().print("xfdir:"),#res.getWriter().flush(),#res.getWriter().close()}]
> is too long, allowed length is [100]
Rather no (if you are up to date), someone is trying to hack your
website using an old vulnerability with "redirect:":
https://cwiki.apache.org/confluence/display/WW/S2-016
https://cwiki.apache.org/confluence/display/WW/S2-017
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
