Is there some way to get confirmation from the Struts2 team? So far the only information about this is your blog and the foreign language site you link to. Is there some Struts announcement coming?
That's because the bypass was disclosed today, but I got in contact with the Struts2 team and they just released an official announcement:
http://struts.apache.org/an...
Helpful, thanks!
Hi, how can we exploit this vulnerability to cross-check whether it is fixed or not? Anwar
Is this also for JBoss?
I haven't verified whether the JBoss classloader allows property manipulation to run arbitrary commands, but Struts 2.3.16.2 has been released to fix S2-020 and S2-021 (same thing for cookies), so I strongly recommend you update your Struts 2 even if running it on top of JBoss.