Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Struts 2 Config Browser plugin enabled - Vulnerability Database

Struts 2 Config Browser plugin enabled

Description

This Struts web application is configured to use the Config Browser plugin. The Config Browser Plugin is a tool used to view the web application configuration at runtime. This plugin should be used only during development phase and access to it should be strictly restricted in production.

Remediation

The Config Browser plugin can be disabled by removing the .jar file (usually named struts2-config-browser-plugin-*.jar) from <strong>/WEB-INF/lib</strong> directory.

References

Config Browser Plugin

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration Information Disclosure
Laravel LogViewer open Medium
Common tags: Configuration Information Disclosure
The Heartbleed Bug High
Common tags: Configuration Information Disclosure
Multiple vulnerabilities in Ioncube loader-wizard.php High
Common tags: Configuration Information Disclosure
Microsoft Frontpage configuration information Information
Common tags: Configuration Information Disclosure

Severity

Medium

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration
Information Disclosure