Struts2 Development Mode Enabled
Severity:
Low
Summary
Invicti detected Struts2 development mode is enabled, so the target web server is disclosing stack trace data in the HTTP response.
Development mode enables extra debugging behaviors that assist developers, as well as attackers.
Impact
An attacker can obtain information such as:
- Stack trace.
- Information about the generated exception.
Remediation
Change your WEB-INF/classes/struts.properties file to disable development mode:
struts.devMode=false
Required Skills for Successful Exploitation
Actions To Take
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
