Full Disclosure mailing list archives

Re: [ANN] Struts 2.3.16.1 GA release available - security fix

From: Tim <tim-security () sentinelchicken org>
Date: Thu, 6 Mar 2014 07:43:09 -0800

This release includes important security fixes:
- S2-020 - ClassLoader manipulation via request parameters


What is the ultimate impact of this manipulation?  Another RCE bug?

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)
- Re: [ANN] Struts 2.3.16.1 GA release available - security fix Tim (Mar 06)
  - Re: [ANN] Struts 2.3.16.1 GA release available - security fix Lukasz Lenart (Mar 06)
    - Re: [ANN] Struts 2.3.16.1 GA release available - security fix Tim (Mar 06)