Results 1 to 1 of 1
  1. #1
    BSRaghuram is offline Member
    Join Date
    Apr 2014
    Posts
    1
    Rep Power
    0

    Default How to implement Exclude Params in Struts 1.3.8

    Hi All,

    Issue

    The Apache Struts, there is operable vulnerability from outside the Java class loader in Struts 1 and Struts 2
    Reference Link : S2-020

    Apache Struts gave solution either to upgrade Struts version to 2.3.16.1 or
    add '^class\.*' to the list of excludeParams as shown below.

    <interceptor-ref name="params">
    <param name="excludeParams">(.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).*,^dojo\..*,^struts\..*,^session\..*,^request\.. *,^application\..*,^servlet(Request|Response)\..*, ^parameters\..*,^action:.*,^method:.*</param>
    </interceptor-ref>

    My Problem

    1. I cannot upgrade my struts version form 1.3.8 to newer one as per my client request

    2. The above exclude params is used in Struts 2, but i need to use it in struts 1.3.8 to exculde '^class\.*'.

    Please suggest. Thank you in advance for your answers.


    Regards,
    Raghuram.B
    Last edited by BSRaghuram; 05-01-2014 at 08:16 AM.

Similar Threads

  1. swt: GridData.exclude in Draw2d?
    By sanchau_in in forum SWT / JFace
    Replies: 0
    Last Post: 05-31-2012, 12:14 PM
  2. why are GObject method params double
    By wileedingo in forum New To Java
    Replies: 3
    Last Post: 05-06-2012, 08:27 PM
  3. struts2 not getting params info when validation fail
    By videanuadrian in forum Advanced Java
    Replies: 0
    Last Post: 09-16-2011, 12:45 PM
  4. Exclude character
    By ZeCute in forum New To Java
    Replies: 2
    Last Post: 05-23-2011, 08:19 PM
  5. Passing params by ref
    By kosko in forum Threads and Synchronization
    Replies: 2
    Last Post: 09-20-2010, 01:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •