Struts 2 Config Browser plugin enabled
Summary#
Invicti detected that the web application is configured to use the Config Browser plugin. The Config Browser Plugin is a tool used to view the web application configuration at runtime. This plugin should be used only during development phase and access to it should be strictly restricted in production.
Impact#
The Config Browser plugin is exposing sensitive information that could help an attacker to conduct further attacks.
Actions To Take#
The Config Browser plugin can be disabled by removing the .jar file (usually named struts2-config-browser-plugin-*.jar) from WEB-INF/lib directory.
Classifications#
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Related Vulnerabilities
