Struts 2 Development Mode Enabled

Severity:

Medium

Summary

Invicti detected that the web application is running in Development Mode.

Struts 2 has a setting (which can be set to true or false in default.properties) called devMode. When this setting is enabled, Struts 2 will provide additional logging and debug information, which can significantly speed up development.

Impact

When Struts is running in Development Mode it can expose sensitive data of your application.

Remediation

Required Skills for Successful Exploitation

Actions To Take

Turn off Struts Development Mode by modifying your struts.xml file (or set devMode to false in the default.properties file)

Classifications

CWE-16

OWASP 2013-A5

OWASP 2017-A6

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Missing frame-ancestors in CSP Declaration

WordPress Theme KONStore Shop Version Disclosure

Version Disclosure (Oscommerce)

Version Disclosure (jPlayer)

Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy

Struts 2 Development Mode Enabled

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.