Re: After upgrade to 2.3.32 and S2-045 attacks

2017-05-18 Thread Ɓukasz Lenart
There is nothing to worry about, the first exception is logged by a file upload parsing layer as it cannot parse the multipart request, the second is logged because the request did not pass a validation and there is no an input result (the first exception was cause of the failed validation) W dniu

After upgrade to 2.3.32 and S2-045 attacks

2017-05-18 Thread Greg Lindholm
I've upgraded to Struts 2.3.32. Our site is still getting bombarded with S2-045 attacks. The application logs are filled with stack traces from these. I notices that one request is often generating two stack traces. The first is expected and second isn't. First exception (with most of the attack

Re: Property: struts.class.spring.enableAopSupport

2017-05-18 Thread developer researcher
Hi, For some reason the message was cut and the text was incomplete. Here the rest of the message: My original application is based on annotations but for the demo application I used the "struts.xml" file for the actions configuration which is the natural and default configuration style of struts