Yes I think. https://www.exploit-db.com/exploits/33142/ says there will be a 
remote command execution vulnerability. You may try that exploit and see for 
any results on your server.<https://www.exploit-db.com/exploits/33142/>

Apache Struts - ClassLoader Manipulation Remote Code 
...<https://www.exploit-db.com/exploits/33142/>
www.exploit-db.com
Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit). 
CVE-2014-0094,CVE-2014-0112,CVE-2014-0113. Remote exploit for Multiple 
platform....




________________________________
From: Anurag kumar <anurag.piyus...@gmail.com>
Sent: Tuesday, January 31, 2017 6:53 PM
To: dev@struts.apache.org
Subject: Struts 2.3.31 is excluding generic object.

Hi,

My Action class returns generic object and It was working fine with struts 
2.3.16 but after upgrading with struts 2.3.31. It is excluding generic object.
I found <constant name="struts.excludedClasses"> constant in struts-default.xml 
while searching. Here java.lang.Object is excluded. My concern is if I am 
overriding this constant in my struts.xml file after removing java.lang.Object 
.Will it have a huge impact on security?


Thanks
Anurag

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org

Reply via email to