struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicola (JIRA)" <>
Subject [jira] [Created] (WW-4947) server errors generated by secure-jakarta-multipart-parser-plugin
Date Fri, 03 Aug 2018 10:34:00 GMT
Nicola created WW-4947:

             Summary: server errors generated by secure-jakarta-multipart-parser-plugin
                 Key: WW-4947
             Project: Struts 2
          Issue Type: Dependency
            Reporter: Nicola


Hi, my name is Nick,

first Jira here.


I installed secure-jakarta-multipart-parser-plugin-1.1 software to patch CVE-2017-5638 security

Since it's an official plugin, I expected to find some documentation on how it works and what
kind of response to expect from the server. But I didn't find any, I guess because the preferred
patch is to actually update Struts version to a more secure one, which I can't do unfortunately.

PROBLEM: I'm getting several different exceptions when I try to attack the system.

Sometimes I just get the HTML. So I guess the attack has not worked (and the patch did stop
it), but it's hard for me to understand why I get such different responses from the server.

My main doubt is way sometimes the server returns an error and sometimes it just returns the


Am i doing this right? Is this how it's supposed to work? Or is this an issue that should

handled somehow at the application level?


Thanks in advance



This message was sent by Atlassian JIRA

View raw message