struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alireza Fattahi (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WW-4601) webconsole can always be accessed
Date Sun, 31 Jan 2016 11:04:39 GMT
Alireza Fattahi created WW-4601:
-----------------------------------

             Summary: webconsole can always be accessed
                 Key: WW-4601
                 URL: https://issues.apache.org/jira/browse/WW-4601
             Project: Struts 2
          Issue Type: Bug
            Reporter: Alireza Fattahi


It is possible that you get the webconsole.html in dev without having debug in the stack trace

I found that you can access /stuts/webconsole.html to see this html.  For example (thanks
jgeppert! ) :
{code}
http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html
{code}

I wonder if this should be fixed and if this can be used for attackers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message