The DoS is because you can trigger an infinite loop.
Please take a look at the jira issue.
Looks like we need to do different things if the value is specified
in the source code or if it's inserted in the field by the user.
http://struts.apache.org/2.0.8/docs/tag-syntax.html
Il giorno 05/lug/07, alle ore 17:47, Bob Lee ha scritto:
Possible DoS? Isn't this a remote exploit? Can you call arbitrary
methods?
Bob
On 7/5/07, Ing. Andrea Vettori <[EMAIL PROTECTED]> wrote:
some simple testing shows that the field value is simply evaluated...
try to put on a struts textfield %{1+1} submit and you'll get "2" on
the field...
Cool but don't think it should be the default behaviour.
What constructs can trigger recursion ?
Il giorno 05/lug/07, alle ore 14:00, Andrea ha scritto:
> Antonio Petrelli <antonio.petrelli <at> gmail.com> writes:
>
>>
>> Hi all,
>> Andrea Vettori, in the Struts Users mailing list, probably
discovered
>> a possible Denial-Of-Service bug in Struts 2.
>> The cause could be XWork.
>>
>
> Hi,
>
> furthermore I'd like to know if there are other "values" that can
> trigger the
> problem.
> Since I don't think that normal users of my site use that kind of
> password,
> I'm looking for whatever has triggered the problem about once a day
> on my
> e-commerce site...
>
> I've tried to follow the source of various classes but it's all new
> to me so I'm
> a bit lost.
>
> Thanks
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
Ing. Andrea Vettori
Consulente per l'Information Technology
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Ing. Andrea Vettori
Consulente per l'Information Technology
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
