Apache Struts Information for VU#719225

Apache Struts2 ClassLoader allows access to class properties via request parameters



Vendor Statement

A security fix release fully addressing this issue is in preparation and will be released as soon as possible.

    Once the release is available, all Struts 2 users are strongly recommended to update their installations.

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References



    There are no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.