You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lee Clemens (JIRA)" <ji...@apache.org> on 2009/01/09 03:56:45 UTC

[jira] Closed: (WW-2949) Passing paremeter value from Action to Action requires a security vulnerability

     [ https://issues.apache.org/struts/browse/WW-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lee Clemens closed WW-2949.
---------------------------


Thank you all for your responses.

> Passing paremeter value from Action to Action requires a security vulnerability
> -------------------------------------------------------------------------------
>
>                 Key: WW-2949
>                 URL: https://issues.apache.org/struts/browse/WW-2949
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Actions
>    Affects Versions: 2.1.6
>         Environment: All
>            Reporter: Lee Clemens
>            Priority: Minor
>
> To pass parameter value from Action->form->Action, need to use URL parameter or <s:hidden>
> URL can be manipulated manually and hidden form field can be altered via Firefox plugin, etc
> This presents a security issue, since the form's hidden attribute can be manipulated via a Firefox plugin, etc and the URL can be altered directly

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.