Alireza Fattahi created WW-4601: ----------------------------------- Summary: webconsole can always be accessed Key: WW-4601 URL: https://issues.apache.org/jira/browse/WW-4601 Project: Struts 2 Issue Type: Bug Reporter: Alireza Fattahi
It is possible that you get the webconsole.html in dev without having debug in the stack trace I found that you can access /stuts/webconsole.html to see this html. For example (thanks jgeppert! ) : {code} http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html {code} I wonder if this should be fixed and if this can be used for attackers. -- This message was sent by Atlassian JIRA (v6.3.4#6332)