[jira] [Commented] (WW-4601) webconsole can always be accessed

Lukasz Lenart (JIRA) Wed, 03 Feb 2016 01:12:57 -0800

    [ 
https://issues.apache.org/jira/browse/WW-4601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130081#comment-15130081
 ]


Lukasz Lenart commented on WW-4601:
-----------------------------------

It won't do any harm, without debugging interceptor it isn't possible to 
perform any action.

> webconsole can always be accessed
> ---------------------------------
>
>                 Key: WW-4601
>                 URL: https://issues.apache.org/jira/browse/WW-4601
>             Project: Struts 2
>          Issue Type: Bug
>            Reporter: Alireza Fattahi
>             Fix For: 2.5
>
>
> It is possible that you get the webconsole.html in dev without having debug 
> in the stack trace
> I found that you can access /stuts/webconsole.html to see this html.  For 
> example (thanks jgeppert! ) :
> {code}
> http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html
> {code}
> I wonder if this should be fixed and if this can be used for attackers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (WW-4601) webconsole can always be accessed

Reply via email to