Description

This Struts web application is running in Development Mode. Struts 2 has a setting (which can be set to true or false in default.properties) called devMode (= development mode). When this setting is enabled, Struts 2 will provide additional logging and debug information, which can significantly speed up development. Please turn this option off before deploying application to a production environment - it can expose sensitive data of your application!

Remediation

Turn off Struts Development Mode by modifying your struts.xml file (or set devMode to false in the file default.properties): 

<constant name="struts.devMode" value="false" />

References

Development Mode

Related Vulnerabilities

Joomla J!Dump extension enabled

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

WordPress Plugin SL User Create Information Disclosure (0.2.4)

[Possible] WS_FTP Log File Detected

WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)

Severity

High

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure