struts-dev mailing list archives

From "Ing. Andrea Vettori" <m...@andreavettori.com>
Subject Re: [S2] Heads Up: possible DOS problem
Date Thu, 05 Jul 2007 15:40:32 GMT
Some simple testing shows that the field value is simply evaluated...

Try putting %{1+1} in a Struts textfield and submit, and you'll get "2" in the field...

Cool, but I don't think it should be the default behaviour.

What constructs can trigger recursion?


On 05 Jul 07, at 14:00, Andrea wrote:

> Antonio Petrelli <antonio.petrelli <at> gmail.com> writes:
>
>>
>> Hi all,
>> Andrea Vettori, in the Struts Users mailing list, probably discovered
>> a possible Denial-Of-Service bug in Struts 2.
>> The cause could be XWork.
>>
>
> Hi,
>
> furthermore I'd like to know if there are other "values" that can trigger the
> problem.
> Since I don't think that normal users of my site use that kind of password,
> I'm looking for whatever has triggered the problem about once a day on my
> e-commerce site...
>
> I've tried to follow the source of various classes but it's all new to me so I'm
> a bit lost.
>
> Thanks
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>

--
Ing. Andrea Vettori
Information Technology Consultant
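
The behaviour reported in this message (a submitted value of %{1+1} coming back as "2"), as an added example that is not part of the original message and is not XWork or Struts code. It is a simplified Python model that assumes the cause is the tag's resolved value being scanned again for %{...}; the names translate and render_field, the toy evaluator, and the pass limit are hypothetical.

```python
import ast
import re

EXPR = re.compile(r"%\{([^{}]*)\}")  # matches one %{...} marker


def _add(node):
    """Evaluate integer addition only (toy stand-in for an expression language)."""
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _add(node.left) + _add(node.right)
    raise ValueError("unsupported expression")


def evaluate(expr, stack):
    """Resolve a property from the value stack, else treat expr as arithmetic."""
    expr = expr.strip()
    if expr in stack:
        return str(stack[expr])
    return str(_add(ast.parse(expr, mode="eval").body))


def translate(text, stack, reparse, max_passes=8):
    """Replace %{...} markers in text.

    reparse=True models the reported behaviour: the output of one pass is
    scanned again, so markers inside user data get evaluated too.
    reparse=False is the single-pass form: user data is returned verbatim.
    """
    out = EXPR.sub(lambda m: evaluate(m.group(1), stack), text)
    passes = 0
    while reparse and EXPR.search(out) and passes < max_passes:
        out = EXPR.sub(lambda m: evaluate(m.group(1), stack), out)
        passes += 1
    return out


def render_field(name, stack, reparse):
    """Model of a text field whose value attribute is %{<field name>}."""
    return translate("%{" + name + "}", stack, reparse)


# Constructed sample: the value a user typed into the "username" field.
submitted = {"username": "%{1+1}"}
print(render_field("username", submitted, reparse=True))   # evaluated
print(render_field("username", submitted, reparse=False))  # echoed as typed
```
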


