Who should read this
All Struts 2 developers and users
Impact of vulnerability
Affects of a cross-site scripting vulnerability when debug mode is switched on or JSPs are exposed in production environment.
Maximum security rating
Turn off debug mode in production environment, apply tips from Security guideline to secure JSPs. An upgrade to Struts 2.3.20 is recommended.
Struts 2.0.0 - Struts Struts 18.104.22.168
Takayoshi Isayama, Mitsui Bussan Secure Directions, Inc. Taki Uchiyama, JPCERT/CC(vulnerability with JSPs)
anonymous (vulnerability with devMode)