This vulnerability was resolved in 2.3.15.1; more details here: http://struts.apache.org/release/2.3.x/docs/s2-017.html
For sure you must switch off devMode in production; this has a large impact on overall application performance.

2014-07-16 17:28 GMT+02:00 saikrishna <saikrishnaad...@gmail.com>:
> Hi, getting the below error. Looks like somebody tried to attack our application
> with a redirect. Below is the log. Please advise.
>
> ParametersInterceptor:34 - Developer Notification (set struts.devMode to false
> to disable this message):
> Unexpected Exception caught setting
> 'redirect:${#res=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletR
> esponse'),#res.setCharacterEncoding("UTF-8"
> ),#req=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),#
> res.getWriter().print("dir:"),#res.getWriter().println(#req.getSession().getSe
> r
> vletContext().getRealPath("/")),#res.getWriter().flush(),#res.getWriter().clos
> e()}' on 'class java.lang.String: 100
>
>
> Somebody trying to post something to the server with the redirect URL.
>
> Please suggest what I should do.
>
> Thanks
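As an added example (not part of the original thread and not Struts code), this Python triages log excerpts like the one quoted above: it flags parameter names carrying the special prefixes, notes whether devMode logging is on, and compares a Struts version against the 2.3.15.1 fix. The function names, the sample lines, and the assumption of purely numeric dotted version strings are constructed for illustration.

```python
import re

# Parameter-name prefixes affected before the fix. "redirect:" is the one in the
# log above; the other two are named in the S2-016/S2-017 advisories.
PREFIXES = ("action:", "redirect:", "redirectAction:")
FIXED_IN = (2, 3, 15, 1)  # fix release named in the reply above
# ParametersInterceptor message format as quoted in the thread.
SETTING_RE = re.compile(r"Unexpected Exception caught setting '(?P<name>.*)' on 'class ")
DEVMODE_HINT = "set struts.devMode to false"  # only logged while devMode is on

def is_patched(version):
    """True if a numeric dotted Struts version is at or above 2.3.15.1."""
    parts = tuple(int(p) for p in version.split("."))
    width = max(len(parts), len(FIXED_IN))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(parts) >= pad(FIXED_IN)

def classify(line):
    """Return (prefix, kind) for a prefixed parameter name, else None."""
    m = SETTING_RE.search(line)
    if not m:
        return None
    name = m.group("name")
    prefix = next((p for p in PREFIXES if name.startswith(p)), None)
    if prefix is None:
        return None
    rest = name[len(prefix):]
    if "${" in rest or "%{" in rest:
        return prefix, "ognl-expression"
    if re.match(r"(?i)([a-z][a-z0-9+.-]*:)?//", rest):
        return prefix, "external-redirect"
    return prefix, "prefixed-parameter"

def triage(lines, struts_version):
    """Summarise what a log excerpt and the deployed version say about exposure."""
    hits = [c for c in map(classify, lines) if c]
    return {
        "dev_mode_on": any(DEVMODE_HINT in line for line in lines),
        "patched": is_patched(struts_version),
        "hits": hits,
    }

# Constructed sample log lines; the expression body is replaced by a placeholder.
SAMPLE = [
    "ParametersInterceptor:34 - Developer Notification (set struts.devMode to false to disable this message):",
    "Unexpected Exception caught setting 'redirect:${EXPR}' on 'class java.lang.String: 100",
    "Unexpected Exception caught setting 'redirectAction:http://example.invalid/' on 'class java.lang.String: 100",
    "Unexpected Exception caught setting 'userName' on 'class com.example.LoginAction: 100",
]
```

A result with `patched` false and any `ognl-expression` hit is the case to escalate; `dev_mode_on` true in production is a finding on its own, as the reply notes.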