2016-04-28 3:59 GMT+02:00 mailinglist rs <[email protected]>: > Besides using upgrade or disable Dynamic method invocation, can I use > Filter or ParameterInteceptors to block request parameters which start with > "method:" prefix to prevent S2-032? > Reference: https://struts.apache.org/docs/s2-032.html
Yes, you can but bear in mind that this vulnerability affects only 2.3.20, 2.3.24 and 2.3.28 Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
