Summary

Using the Config Browser plugin in production

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Usage of the Config Browser plugin in a production evnironment

Maximum security rating

Low

Recommendation

Please read the Security guideline

Affected Software

Any Struts 2 version

Reporter

Yelin from Venustech Inc.

CVE Identifier

 

Problem

Usage of the Config Browser in a production environment can lead to exposing vunerable information of the application

Solution

Please read our Security guideline and restrict access to the Config Browser or do not use in a production environment!

Backward compatibility

No backward incompatibility issues are expected.

  • No labels