Yes I think. https://www.exploit-db.com/exploits/33142/ says there will be a remote command execution vulnerability. You may try that exploit and see for any results on your server.<https://www.exploit-db.com/exploits/33142/>
Apache Struts - ClassLoader Manipulation Remote Code ...<https://www.exploit-db.com/exploits/33142/> www.exploit-db.com Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit). CVE-2014-0094,CVE-2014-0112,CVE-2014-0113. Remote exploit for Multiple platform.... ________________________________ From: Anurag kumar <anurag.piyus...@gmail.com> Sent: Tuesday, January 31, 2017 6:53 PM To: dev@struts.apache.org Subject: Struts 2.3.31 is excluding generic object. Hi, My Action class returns generic object and It was working fine with struts 2.3.16 but after upgrading with struts 2.3.31. It is excluding generic object. I found <constant name="struts.excludedClasses"> constant in struts-default.xml while searching. Here java.lang.Object is excluded. My concern is if I am overriding this constant in my struts.xml file after removing java.lang.Object .Will it have a huge impact on security? Thanks Anurag --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
