Apache Struts Information for VU#719225

Apache Struts2 ClassLoader allows access to class properties via request parameters

Status

Affected

Vendor Statement

A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

    Once the release is available, all Struts 2 users are strongly recommended to update their installations.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    http://struts.apache.org/announce.html#a20140424

    Addendum

    There are no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.