Subject: Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA
release available - security fix



No, rather no. You gain access to ClassLoader.

2014-03-06 16:43 GMT+01:00 Tim <[email protected]>:
>
>> This release includes important security fixes:
>> - S2-020 - ClassLoader manipulation via request parameters
>
> What is the ultimate impact of this manipulation? Another RCE bug?
>
> tim

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]



Programming list archiving by: Enterprise Git Hosting