Full Disclosure mailing list archives
Re: [ANN] Struts 2.3.16.1 GA release available - security fix
From: Lukasz Lenart <lukaszlenart () apache org>
Date: Thu, 6 Mar 2014 18:07:07 +0100
No, rather no. You gain access to ClassLoader. 2014-03-06 16:43 GMT+01:00 Tim <tim-security () sentinelchicken org>:
This release includes important security fixes: - S2-020 - ClassLoader manipulation via request parametersWhat is the ultimate impact of this manipulation? Another RCE bug? tim
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)
- Re: [ANN] Struts 2.3.16.1 GA release available - security fix Tim (Mar 06)
- Re: [ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)
- Re: [ANN] Struts 2.3.16.1 GA release available - security fix Tim (Mar 06)