Details
- Dependency
- Status: Closed
- Major
- Resolution: Not A Problem
Description
Hi, my name is Nick, first Jira here.
I installed the secure-jakarta-multipart-parser-plugin-1.1 software to patch the CVE-2017-5638 security issue.
Since it's an official plugin, I expected to find some documentation on how it works and what kind of response to expect from the server. But I didn't find any, I guess because the preferred patch is to actually update the Struts version to a more secure one, which I can't do unfortunately.
PROBLEM: I'm getting several different exceptions when I try to attack the system.
Sometimes I just get the HTML. So I guess the attack has not worked (and the patch did stop it), but it's hard for me to understand why I get such different responses from the server.
My main doubt is why sometimes the server returns an error and sometimes it just returns the HTML.
Am I doing this right? Is this how it's supposed to work? Or is this an issue that should be handled somehow at the application level?
Thanks in advance