Struts 2 Development Mode Enabled

Summary#

Invicti detected that the web application is running in Development Mode.

Struts 2 has a setting (which can be set to true or false in default.properties) called devMode. When this setting is enabled, Struts 2 will provide additional logging and debug information, which can significantly speed up development.

Impact#

When Struts is running in Development Mode it can expose sensitive data of your application.

Actions To Take#

Turn off Struts Development Mode by modifying your struts.xml file (or set devMode to false in the default.properties file)

<constant name="struts.devMode" value="false" />

Classifications#

OWASP 2017-A6, OWASP 2013-A5, CWE-16, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Struts 2 Development Mode Enabled

Related Articles

Build your resistance to threats. And save hundreds of hours each month.