RE: Struts 1 binding vulnerability

2010-07-12 Thread Zheng, Xiahong
List Subject: Re: Struts 1 binding vulnerability Open a JIRA ticket and submit a patch. We welcome help from the community. On Mon, Jul 12, 2010 at 2:06 PM, Zheng, Xiahong wrote: > Hi, > > Spring recently released the following security vulnerability in its MVC data > binding framew

Re: Struts 1 binding vulnerability

2010-07-12 Thread Paul Benedict
Open a JIRA ticket and submit a patch. We welcome help from the community. On Mon, Jul 12, 2010 at 2:06 PM, Zheng, Xiahong wrote: > Hi, > > Spring recently released the following security vulnerability in its MVC data > binding framework. Here is the description > > The Spring Framework provides

Struts 1 binding vulnerability

2010-07-12 Thread Zheng, Xiahong
Hi, Spring recently released the following security vulnerability in its MVC data binding framework. Here is the description The Spring Framework provides a mechanism to use client provided data to update the properties of an object. This mechanism allows an attacker to modify the properties o