Alireza Fattahi created WW-4601:
-----------------------------------
Summary: webconsole can always be accessed
Key: WW-4601
URL: https://issues.apache.org/jira/browse/WW-4601
Project: Struts 2
Issue Type: Bug
Reporter: Alireza Fattahi
It is possible that you get the webconsole.html in dev without having debug in
the stack trace.
I found that you can access /struts/webconsole.html to see this html. For
example (thanks jgeppert!):
{code}
http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html
{code}
I wonder if this should be fixed and if this can be used by attackers.