This is an example of a DoS attack against a Struts2 application that uses Spring to secure its actions, as described in the `Initializing Actions from Spring` section of spring-plugin.
- An anonymous user logs in as an authenticated user.
- Then tries
are actions available for users
By replacing `rolePrefix`, the attacker blocks access to secured actions for all defined roles, even for users who authenticate via login. The services are then down, and a webapp restart is required to get back to normal.
- log in via
- in another browser, log in via
- try to access
- also repeat 5 and try to open
which also fails!
- Services are down and a webapp restart is required to get back to normal.