Posted to issues@struts.apache.org by "Musachy Barroso (JIRA)" <ji...@apache.org> on 2007/05/17 23:28:42 UTC

[jira] Resolved: (WW-1769) Security hole in config parameter of the viewSource action in struts2-showcase example app

     [ https://issues.apache.org/struts/browse/WW-1769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Musachy Barroso resolved WW-1769.
---------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 2.0.8)
                   2.1.0

Not really a problem, but I added a small fix for planetstruts.

> Security hole in config parameter of the viewSource action in struts2-showcase example app
> ------------------------------------------------------------------------------------------
>
>                 Key: WW-1769
>                 URL: https://issues.apache.org/struts/browse/WW-1769
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.0.6
>            Reporter: Janne Kario
>             Fix For: 2.1.0
>
>
> I had two options. 
> 1. Send this to thedailywtf.com
> 2. Create an issue
> Decided to do the latter.
> http://www.planetstruts.org/struts2-showcase/viewSource.action?config=file:/nfs/home3/home3/h/husted/public_html/struts2-showcase/WEB-INF/classes/struts-hangman.xml:9&className=com.opensymphony.xwork2.ActionSupport&page=/hangman//hangman/hangmanMenu.ft
> config parameter accepts all kinds of file paths.
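
A server-side check for the kind of `config` value reported above (a `file:` location followed by `:LINE`), as an added example that is not code from the Struts showcase and not the fix applied for WW-1769. The class and method names are hypothetical, and restricting lookups to a single `WEB-INF/classes` root is an assumption.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example; ConfigLocationCheck and resolve() are hypothetical names.
public class ConfigLocationCheck {
    // Resolve "file:/dir/name.xml:LINE"; reject anything outside allowedRoot.
    static Path resolve(String config, Path allowedRoot) throws IOException {
        // Drop the trailing ":LINE" suffix (":9" in the reported URL).
        String location = config.replaceFirst(":\\d+$", "");
        Path candidate;
        try {
            URI uri = URI.create(location);
            if (!"file".equalsIgnoreCase(uri.getScheme())) {
                throw new SecurityException("unsupported scheme in config location");
            }
            candidate = Paths.get(uri);
        } catch (IllegalArgumentException e) {
            throw new SecurityException("malformed config location");
        }
        // toRealPath() resolves ".." segments and symlinks before comparing.
        Path target = candidate.toRealPath();
        if (!target.startsWith(allowedRoot.toRealPath())) {
            throw new SecurityException("config location outside allowed directory");
        }
        return target;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path app = Files.createTempDirectory("showcase");
        Path classes = Files.createDirectories(app.resolve("WEB-INF/classes"));
        Path ok = Files.createFile(classes.resolve("struts-hangman.xml"));
        Path outside = Files.createFile(app.resolve("WEB-INF/outside.xml"));
        System.out.println("accepted: " + resolve(ok.toUri() + ":9", classes));
        String[] rejected = {
            outside.toUri().toString(),             // absolute path outside the root
            classes.toUri() + "../outside.xml:1",   // ".." segment leaving the root
            "http://example.invalid/struts.xml"     // non-file scheme
        };
        for (String bad : rejected) {
            try {
                System.out.println("ACCEPTED (unexpected): " + resolve(bad, classes));
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A location that does not exist surfaces as an `IOException` from `toRealPath()`, which the caller should also treat as a rejection.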
