Summary

Invicti detected that the web application is running in Development Mode.

Struts 2 has a setting (which can be set to true or false in default.properties) called devMode. When this setting is enabled, Struts 2 will provide additional logging and debug information, which can significantly speed up development.

Impact

When Struts is running in Development Mode, it can expose sensitive data from your application.

Actions To Take

Turn off Struts Development Mode by setting the following constant in your struts.xml file (or set devMode to false in the default.properties file):

<constant name="struts.devMode" value="false" />
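
To check this setting across an application's configuration files before deployment, the following added example (not part of the original advisory or of Invicti's tooling) reports every file that enables devMode. The file paths and contents are constructed samples; it assumes the properties-file form of the setting uses the same key, `struts.devMode`.

```python
import re
import xml.etree.ElementTree as ET

KEY = "struts.devMode"

def devmode_from_xml(text):
    """Last <constant name="struts.devMode"> value in a struts.xml document, or None."""
    value = None
    for const in ET.fromstring(text).iter("constant"):
        if const.get("name") == KEY:
            value = (const.get("value") or "").strip().lower()
    return value

def devmode_from_properties(text):
    """Last struts.devMode assignment in a .properties file, or None.
    Lines starting with '#' or '!' are comments and never match."""
    value = None
    for line in text.splitlines():
        m = re.match(r"\s*struts\.devMode\s*[=:]\s*(\S*)", line)
        if m:
            value = m.group(1).lower()
    return value

def audit(files):
    """Take a mapping of path -> file text; return sorted paths that enable devMode."""
    hits = []
    for path, text in files.items():
        parse = devmode_from_xml if path.endswith(".xml") else devmode_from_properties
        if parse(text) == "true":
            hits.append(path)
    return sorted(hits)

# Constructed sample configuration files (not taken from a real application).
SAMPLE = {
    "WEB-INF/classes/struts.xml": """<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
    <constant name="struts.devMode" value="true" />
</struts>""",
    "WEB-INF/classes/default.properties": "# hardened\nstruts.devMode = false\n",
    "WEB-INF/classes/struts-admin.xml":
        '<struts><constant name="struts.devMode" value="false" /></struts>',
}

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print(f"devMode enabled: {path}")
```
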

Classifications

CWE-16; OWASP 2013-A5; OWASP 2017-A6; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N