struts-dev mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix
Date Thu, 06 Mar 2014 17:07:07 GMT
No, rather no. You gain access to ClassLoader.

2014-03-06 16:43 GMT+01:00 Tim <tim-security@sentinelchicken.org>:
>
>> This release includes important security fixes:
>> - S2-020 - ClassLoader manipulation via request parameters
>
> What is the ultimate impact of this manipulation?  Another RCE bug?
>
> tim
