Struts 2 Development Mode Enabled

Severity:

Medium

Summary

Invicti detected that the web application is running in Development Mode.

Struts 2 has a setting (which can be set to true or false in default.properties) called devMode. When this setting is enabled, Struts 2 will provide additional logging and debug information, which can significantly speed up development.

Impact

When Struts is running in Development Mode it can expose sensitive data of your application.

Remediation

Required Skills for Successful Exploitation

Actions To Take

Turn off Struts Development Mode by modifying your struts.xml file (or set devMode to false in the default.properties file)

Classifications

CWE-16

OWASP 2013-A5

OWASP 2017-A6

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Payara Identified

Version Disclosure (PHP)

Version Disclosure (Apache Coyote)

Version Disclosure (FabricJs)

GraphQL Library Detected (Sangria)

Struts 2 Development Mode Enabled

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.