Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Bug
-
1.7
-
None
-
None
-
Tomcat
Description
Hello,
I was checking this vulnerability for struts against velocity and it looks like it may apply here also.
http://www.kb.cert.org/vuls/id/719225
When I use the code on my template:
$model.class.getClassLoader() I get the following:
WebappClassLoader context: /events delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@47711479
I am not sure on what type of manipulation was used in the vulnerability, but on struts, this type of response has been blocked.
Cheers Greg