  1. Velocity
  2. VELOCITY-849

Vulnerability Note


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not A Bug
    • 1.7
    • None
    • Engine
    • None
    • Tomcat

    Description

      Hello,
      I was checking this vulnerability for Struts against Velocity, and it looks like it may apply here also.

      http://www.kb.cert.org/vuls/id/719225

      When I use the code on my template:

      $model.class.getClassLoader()

      I get the following:

      WebappClassLoader context: /events delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@47711479

      I am not sure what type of manipulation was used in the vulnerability, but on Struts, this type of response has been blocked.

      Cheers Greg
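
The check below is an added example, not part of the original report and not Velocity project code: it renders the reference from the description once with the engine's default uberspector and once with `org.apache.velocity.util.introspection.SecureUberspector`, so a deployment can confirm whether its templates can resolve a class loader. It assumes Velocity 1.7 on the classpath; the class name `ClassLoaderReferenceCheck` and the sample model object are made up for the illustration.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;

// Added example (hypothetical class name); assumes Velocity 1.7 on the classpath.
public class ClassLoaderReferenceCheck {

    // The reference quoted in the issue description.
    static final String TEMPLATE = "$model.class.getClassLoader()";

    // Renders TEMPLATE with the given uberspector class, or the engine default when null.
    static String render(String uberspectClass) throws Exception {
        VelocityEngine engine = new VelocityEngine();
        if (uberspectClass != null) {
            engine.setProperty(RuntimeConstants.UBERSPECT_CLASSNAME, uberspectClass);
        }
        engine.init();

        VelocityContext context = new VelocityContext();
        // Constructed sample model: an application object loaded by a non-bootstrap class loader.
        context.put("model", new ClassLoaderReferenceCheck());

        StringWriter out = new StringWriter();
        engine.evaluate(context, out, "classloader-check", TEMPLATE);
        return out.toString();
    }

    // In non-strict mode an unresolved reference is written back as its literal text,
    // so any other output means the template reached the class loader.
    static boolean resolved(String rendered) {
        return !TEMPLATE.equals(rendered);
    }

    public static void main(String[] args) throws Exception {
        String byDefault = render(null);
        String restricted = render("org.apache.velocity.util.introspection.SecureUberspector");
        System.out.println("default uberspector resolved reference: " + resolved(byDefault));
        System.out.println("SecureUberspector resolved reference:   " + resolved(restricted));
        if (resolved(restricted)) {
            throw new IllegalStateException("class loader still reachable from template");
        }
    }
}
```

SecureUberspector takes its deny list from the `introspector.restrict.packages` and `introspector.restrict.classes` properties, whose bundled defaults include `java.lang.Class` and `java.lang.ClassLoader`.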

          People

            cbrisson Claude Brisson
            ghuber Greg Huber