struts-user mailing list archives

From Fabian Richter <frich...@mtg.de>
Subject Risk by allowing application* params
Date Thu, 07 Aug 2014 09:43:50 GMT
Hey,

we are wondering why struts params interceptor excludes

^application\..*

as a parameter?

To what kind of vulnerabilities would we open our applications if we
allow parameters starting with application to be set by struts?

Thank you and best
Fabian

