S2 043 - L0kiii/Apache-Struts2-Wiki GitHub Wiki
S2-043
Summary
Using the Config Browser plugin in production
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Usage of the Config Browser plugin in a production environment |
Maximum security rating | Low |
Recommendation | Please read the Security guideline |
Affected Software | Any Struts 2 version |
Reporter | Yelin from Venustech Inc. |
CVE Identifier |
Problem
Usage of the Config Browser in a production environment can lead to exposing vulnerable information of the application.
Solution
Please read our Security guideline and restrict access to the Config Browser or do not use it in a production environment!
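An added example, not part of the original bulletin or the Struts project: a release check that rejects a WAR that still bundles the plugin. It assumes the plugin ships under its Maven artifact name `struts2-config-browser-plugin` in `WEB-INF/lib`; the script name and the sample jar versions are constructed.

```python
import io
import re
import sys
import zipfile

# Assumption: the plugin jar keeps its Maven artifact name; the version suffix varies.
PLUGIN_JAR = re.compile(r"^WEB-INF/lib/struts2-config-browser-plugin(-[^/]*)?\.jar$")


def find_config_browser(war):
    """Return the paths of Config Browser plugin jars bundled in a WAR.

    `war` is a filesystem path or a binary file object.
    """
    with zipfile.ZipFile(war) as archive:
        return sorted(n for n in archive.namelist() if PLUGIN_JAR.match(n))


def build_sample_war(jar_names):
    """Constructed sample: an in-memory WAR holding empty jars with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("WEB-INF/web.xml", "<web-app/>")
        for name in jar_names:
            archive.writestr("WEB-INF/lib/" + name, b"")
    buf.seek(0)
    return buf


def main(argv):
    # Exit status 1 lets a release pipeline block the production artifact.
    if len(argv) != 2:
        print("usage: check_war.py app.war")
        return 2
    hits = find_config_browser(argv[1])
    for hit in hits:
        print("Config Browser plugin bundled:", hit)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The check matches by file name only, so a repackaged or shaded copy of the plugin is not detected.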
Backward compatibility
No backward incompatibility issues are expected.