Always up to date😁. Thanks for your work!!
On 25/03/2021 10:21, Lukasz Lenart wrote:
czw., 25 mar 2021 o 11:12 Greg Huber <gregh3...@gmail.com> napisał(a):
Seem to be getting lots of these log warnings recently. Anything to
worry about?
2021-03-24 12:29:40,439 WARN
com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:isWithinLengthLimit - Parameter
[redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#res.setCharacterEncoding("UTF-8"),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#res.getWriter().print("xfdir"),#res.getWriter().print("xfdir:"),#res.getWriter().println(#req.getSession().getServletContext().getRealPath("/")),#res.getWriter().print("xfdir:"),#res.getWriter().flush(),#res.getWriter().close()}]
is too long, allowed length is [100]
Rather no (if you are up to date), someone is trying to hack your
website using an old vulnerability with "redirect:":
https://cwiki.apache.org/confluence/display/WW/S2-016
https://cwiki.apache.org/confluence/display/WW/S2-017
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
