struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alireza Fattahi (JIRA)" <>
Subject [jira] [Created] (WW-4601) webconsole can always be accessed
Date Sun, 31 Jan 2016 11:04:39 GMT
Alireza Fattahi created WW-4601:

             Summary: webconsole can always be accessed
                 Key: WW-4601
             Project: Struts 2
          Issue Type: Bug
            Reporter: Alireza Fattahi

It is possible that you get the webconsole.html in dev without having debug in the stack trace

I found that you can access /stuts/webconsole.html to see this html.  For example (thanks
jgeppert! ) :

I wonder if this should be fixed and if this can be used for attackers.

This message was sent by Atlassian JIRA

View raw message