| Message view | « Date » · « Thread » |
|---|---|
| Top | « Date » · « Thread » |
| From | Lukasz Lenart <lukaszlen...@apache.org> |
| Subject | Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix |
| Date | Thu, 06 Mar 2014 17:07:07 GMT |
No, rather no. You gain access to ClassLoader. 2014-03-06 16:43 GMT+01:00 Tim <tim-security@sentinelchicken.org>: > >> This release includes important security fixes: >> - S2-020 - ClassLoader manipulation via request parameters > > What is the ultimate impact of this manipulation? Another RCE bug? > > tim --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@struts.apache.org For additional commands, e-mail: user-help@struts.apache.org | |
| Mime |
|
| View raw message | |