struts-user mailing list archives

From saikrishna <saikrishnaad...@gmail.com>
Subject Re: redirect vulnerability after upgrading to Struts 2.3.16.2
Date Thu, 17 Jul 2014 10:17:54 GMT
Lukasz Lenart <lukaszlenart <at> apache.org> writes:

> 
> 2014-07-17 11:31 GMT+02:00 saikrishna <saikrishnaadivi <at> gmail.com>:
> > 2014-04-18 05:23:12,320 ERROR ParametersInterceptor:34 - Developer
> > Notification (set struts.devMode to false to disable this message):
> > Unexpected Exception caught setting
> > 'redirect:${#a=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#b=#a.getRealPath("/"),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#b),#matt.getWriter().flush(),#matt.getWriter().close()}' on 'class java.lang.String: 100
> >
> >
> > This is the complete log entry. Looks like it's a hack attempt trying to post
> > some data to the server?
> > Please advise on the possible fix.
> 
> But this is only visible in devMode, it isn't an issue.
> 
> Regards

Sorry, this is an issue from production, where dev mode is already set to false
in the config files.
Log entry is from production.



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
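
A log-triage sketch for entries like the one quoted in this thread, added here as an example and not part of the original messages or of Struts: it extracts the rejected parameter name from each ParametersInterceptor entry and flags names that use the `redirect:` prefix or contain OGNL expression syntax. The sample entries are constructed, one log entry per line is assumed, and the `redirectAction:` and `action:` prefixes are included as an assumption beyond what the thread shows.

```python
import re

# "redirect:" is the prefix seen in the thread; "redirectAction:" and "action:"
# are added on the assumption that the application accepts them too.
PREFIXES = ("redirect:", "redirectAction:", "action:")
OGNL_MARKERS = ("${", "%{", "#context")

# Layout of the ParametersInterceptor entry quoted in the thread, one entry per line.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ERROR ParametersInterceptor:\d+ - "
    r".*Unexpected Exception caught setting '(?P<name>.*)' on 'class "
)

def classify(name):
    """Return a verdict for a rejected parameter name, or None if it looks ordinary."""
    prefix = next((p for p in PREFIXES if name.startswith(p)), None)
    has_ognl = any(marker in name for marker in OGNL_MARKERS)
    if prefix and has_ognl:
        return "ognl-in-prefix-parameter"
    if has_ognl:
        return "ognl-in-parameter-name"
    if prefix:
        return "prefix-parameter"
    return None

def scan(log_text):
    """Return (timestamp, verdict, parameter name) for every suspicious entry."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a ParametersInterceptor rejection
        verdict = classify(m.group("name"))
        if verdict:
            findings.append((m.group("ts"), verdict, m.group("name")))
    return findings

# Constructed sample entries (not taken from a real system).
_HEAD = ("ERROR ParametersInterceptor:34 - Developer Notification (set struts.devMode "
         "to false to disable this message): Unexpected Exception caught setting ")
SAMPLE_LOG = "\n".join([
    "2014-04-18 05:23:12,320 " + _HEAD + "'redirect:${#a=#context.get('k')}' on 'class java.lang.String: 100",
    "2014-04-18 05:24:01,007 " + _HEAD + "'redirect:/index.action' on 'class java.lang.String: 12",
    "2014-04-18 05:24:30,450 " + _HEAD + "'pageSize' on 'class com.example.ListAction: bad value",
    "2014-04-18 05:25:40,112 INFO Dispatcher:42 - request served",
])

if __name__ == "__main__":
    for ts, verdict, name in scan(SAMPLE_LOG):
        print(ts, verdict, name)
```

The match keys on the "Unexpected Exception caught setting" text, so it applies to any entry with this layout regardless of what the devMode notice in the message says.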

