Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Bug
    • Affects Version/s: 1.7
    • Fix Version/s: None
    • Component/s: Engine
    • Labels:
      None
    • Environment:
      Tomcat

      Description

      Hello,
      I was checking this vulnerability for struts against velocity and it looks like it may apply here also.

      http://www.kb.cert.org/vuls/id/719225

      When I use the code on my template:

      $model.class.getClassLoader() I get the following:

      WebappClassLoader context: /events delegate: false repositories: /WEB-INF/classes/ ----------> Parent Classloader: org.apache.catalina.loader.StandardClassLoader@47711479

      I am not sure on what type of manipulation was used in the vulnerability, but on struts, this type of response has been blocked.

      Cheers Greg
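An added example, not part of the original report or of the Velocity project's code: it renders the expression from the report twice, once with the default introspector and once with `SecureUberspector`, the restricted introspector that ships with Velocity, so the difference in what a template can reach is visible. It assumes the Velocity 1.7 jar and its dependencies are on the classpath; the `Model` class and the class name `ClassLoaderExposureCheck` are hypothetical stand-ins for the application's own objects.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

public class ClassLoaderExposureCheck {

    // Hypothetical stand-in for the object the application exposes as $model.
    public static class Model { }

    // The expression quoted in the report.
    static final String TEMPLATE = "$model.class.getClassLoader()";

    // Render TEMPLATE with either the default or the restricted introspector.
    static String render(boolean restricted) throws Exception {
        VelocityEngine engine = new VelocityEngine();
        if (restricted) {
            // SecureUberspector refuses method calls on java.lang.Class,
            // java.lang.ClassLoader and similar types from templates.
            engine.setProperty("runtime.introspector.uberspect",
                "org.apache.velocity.util.introspection.SecureUberspector");
        }
        engine.init();

        VelocityContext context = new VelocityContext();
        context.put("model", new Model());

        StringWriter out = new StringWriter();
        engine.evaluate(context, out, "classloader-check", TEMPLATE);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String withDefault = render(false);
        String withRestricted = render(true);

        System.out.println("default introspector:    " + withDefault);
        System.out.println("restricted introspector: " + withRestricted);

        // A reference Velocity cannot resolve is written back as literal text,
        // so equality with TEMPLATE means the class loader was not reachable.
        boolean blocked = withRestricted.equals(TEMPLATE);
        System.out.println("class loader blocked:    " + blocked);
    }
}
```

The same property can be set in `velocity.properties` for deployments where templates are editable by people who should not reach the web application's class loader.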

            People

            • Assignee:
              claude Claude Brisson
            • Reporter:
              ghuber Greg Huber