struts-dev mailing list archives

From "Antonio Petrelli" <antonio.petre...@gmail.com>
Subject Re: [S2] Heads Up: possible DOS problem
Date Thu, 05 Jul 2007 16:51:17 GMT

2007/7/5, Bob Lee <crazybob@crazybob.org>:
> On 7/5/07, Ing. Andrea Vettori <mail@andreavettori.com> wrote:
> >
> > The DoS is because you can trigger an infinite loop.
>
>
> My point is, can you execute arbitrary code on the server? If so, a DoS is
> the least of your worries.

It seems that you can, see the comment by Lukasz Racon:
https://issues.apache.org/struts/browse/WW-2030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_41371

Hey Andrea, I think that you discovered the worst bug in the history
of Struts (or WebWork, or both) :-)

Antonio
