This is the vulnerability that was addressed in Struts 2.3.15.1.
On Thu, Jan 30, 2014 at 2:36 PM, JOSE L MARTINEZ-AVIAL wrote:
> What version of Struts are you using? It seems
>
> 60.15.137.72 - - [27/Jan/2014:17:51:48 +0530] "GET
>
> /common/test2.action?redirect:$%7B%23a%3d%23context.get('com.
I don't know about the 10 times easier, but we'll see what we can do.
Jim
On Tue, Oct 29, 2013 at 1:02 PM, Lukasz Lenart wrote:
> 2013/10/29 Greuel, Jim :
> > Our real app has numerous cases where the URL namespace doesn't match the
> > Java package structure. I
helloworld.test and set
> actionPackages tp org.apache.struts.helloworld and remove @Namespace
> annotation.
>
>
> Regards
> --
> Ćukasz
> + 48 606 323 122 http://www.lenart.org.pl/
>
> 2013/10/22 Greuel, Jim :
> > Thanks Lukasz. Yes, setting defaultParentPackage
Thanks Lukasz. Yes, setting defaultParentPackage fixes the problem for the
sample app, but my real app has multiple custom struts packages, so I can't
specify a single default that works in all cases.
Jim
> In 2.0.11 the Codebehind plugin was just a UnknownHandler ;-)
> Try add this:
> va
4 matches
Mail list logo
