[
https://issues.apache.org/jira/browse/WW-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081682#comment-13081682
]
Lukasz Lenart edited comment on WW-3668 at 8/9/11 3:04 PM:
-----------------------------------------------------------
But it looks like an issue in Tomcat 7, somehow it's parse #application
returned by Struts 2 - the < > are in place, just the content was replaced
was (Author: lukaszlenart):
But it looks like an issue in Tomcat 7, somehow it's parse #application
returned by Struts 2
> Vulnerability: User input is evaluated as an OGNL expression when there's a
> conversion error.
> ---------------------------------------------------------------------------------------------
>
> Key: WW-3668
> URL: https://issues.apache.org/jira/browse/WW-3668
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.2.3
> Environment: Struts 2.2.3
> Tomcat 7.0.19
> Reporter: Hideyuki Suzumi
>
> 1. Run "Struts Showcase".
> 2. Click "Validation".
> 3. Click "Field Validators".
> 4. Type "<' + #application + '>" in the "Integer Validator Field".
> 5. Click "Submit".
> 6. You can get all "application" scoped variables in the "Integer Validator
> Field".
> Please fix ConversionErrorInterceptor and
> RepopulateConversionErrorFieldValidatorSupport.
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor
> 87: return "'" + value + "'";
> com.opensymphony.xwork2.validator.validators.RepopulateConversionErrorFieldValidatorSupport
> 175: fakeParams.put(fullFieldName, "'" + tmpValue[0] +
> "'");
> 182: fakeParams.put(fullFieldName, "'" + tmpValue + "'");
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
