Hi, We can avoid Dynamic method invocation in the struts.xml file by declaring below tag,
<constant name="struts.enable.DynamicMethodInvocation" value="false" /> Kindly follow this link for your reference http://security.coverity.com/blog/2013/Oct/making-struts2-app-more-secure-disable-dynamic-method-invocation.html Thanks, Suresh Sadanala. Regards, Suresh Sadanala +91-880 777 9058. On Thu, Apr 28, 2016 at 10:07 AM, Lukasz Lenart <lukaszlen...@apache.org> wrote: > 2016-04-28 3:59 GMT+02:00 mailinglist rs <rsmailinglis...@gmail.com>: > > Besides using upgrade or disable Dynamic method invocation, can I use > > Filter or ParameterInteceptors to block request parameters which start > with > > "method:" prefix to prevent S2-032? > > Reference: https://struts.apache.org/docs/s2-032.html > > Yes, you can but bear in mind that this vulnerability affects only > 2.3.20, 2.3.24 and 2.3.28 > > > Regards > -- > Ćukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
