Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix

Tim Thu, 06 Mar 2014 07:47:26 -0800

> This release includes important security fixes:
> - S2-020 - ClassLoader manipulation via request parameters


What is the ultimate impact of this manipulation?  Another RCE bug?

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix

Reply via email to