[jira] [Updated] (WW-4600) MessageStoreInterceptor throws Session already invalidated
[ https://issues.apache.org/jira/browse/WW-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart updated WW-4600: -- Affects Version/s: 2.3.24 > MessageStoreInterceptor throws Session already invalidated > --- > > Key: WW-4600 > URL: https://issues.apache.org/jira/browse/WW-4600 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Affects Versions: 2.3.24 >Reporter: Alireza Fattahi >Assignee: Lukasz Lenart > Fix For: 2.5.x > > > The MessageStoreInterceptor may throw the java.lang.IllegalStateException: > getAttribute: Session already invalidated at line 289, if the action > invalidte the session. > Can this be solved ?! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (WW-4601) webconsole can always be accessed
Alireza Fattahi created WW-4601:
---
Summary: webconsole can always be accessed
Key: WW-4601
URL: https://issues.apache.org/jira/browse/WW-4601
Project: Struts 2
Issue Type: Bug
Reporter: Alireza Fattahi
It is possible that you get the webconsole.html in dev without having debug in
the stack trace
I found that you can access /stuts/webconsole.html to see this html. For
example (thanks jgeppert! ) :
{code}
http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html
{code}
I wonder if this should be fixed and if this can be used for attackers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (WW-4600) MessageStoreInterceptor throws Session already invalidated
[ https://issues.apache.org/jira/browse/WW-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15125313#comment-15125313 ] victorsosa commented on WW-4600: Affects Version please > MessageStoreInterceptor throws Session already invalidated > --- > > Key: WW-4600 > URL: https://issues.apache.org/jira/browse/WW-4600 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Reporter: Alireza Fattahi > Fix For: 2.5.x > > > The MessageStoreInterceptor may throw the java.lang.IllegalStateException: > getAttribute: Session already invalidated at line 289, if the action > invalidte the session. > Can this be solved ?! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (WW-4600) MessageStoreInterceptor throws Session already invalidated
[ https://issues.apache.org/jira/browse/WW-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15125314#comment-15125314 ] Alireza Fattahi commented on WW-4600: - I see this on version 2.5-BETA2 and 2.3.24.1 > MessageStoreInterceptor throws Session already invalidated > --- > > Key: WW-4600 > URL: https://issues.apache.org/jira/browse/WW-4600 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Reporter: Alireza Fattahi > Fix For: 2.5.x > > > The MessageStoreInterceptor may throw the java.lang.IllegalStateException: > getAttribute: Session already invalidated at line 289, if the action > invalidte the session. > Can this be solved ?! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (WW-4600) MessageStoreInterceptor throws Session already invalidated
[ https://issues.apache.org/jira/browse/WW-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart reassigned WW-4600: - Assignee: Lukasz Lenart > MessageStoreInterceptor throws Session already invalidated > --- > > Key: WW-4600 > URL: https://issues.apache.org/jira/browse/WW-4600 > Project: Struts 2 > Issue Type: Bug > Components: Core Interceptors >Reporter: Alireza Fattahi >Assignee: Lukasz Lenart > Fix For: 2.5.x > > > The MessageStoreInterceptor may throw the java.lang.IllegalStateException: > getAttribute: Session already invalidated at line 289, if the action > invalidte the session. > Can this be solved ?! -- This message was sent by Atlassian JIRA (v6.3.4#6332)
