2007/7/5, Bob Lee <[EMAIL PROTECTED]>:
On 7/5/07, Ing. Andrea Vettori <[EMAIL PROTECTED]> wrote:
>
> The DoS is because you can trigger an infinite loop.
My point is, can you execute arbitrary code on the server? If so, a DoS is
the least of your worries.
It seems that you can, see the comment by Lukasz Racon:
https://issues.apache.org/struts/browse/WW-2030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_41371
Hey Andrea, I think that you discovered the worst bug in the history
of Struts (or WebWork, or both) :-)
Antonio
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
