Problem statement
A vulnerability scan reports: "Apache Struts 2 installed on the remote host is running a OGNL console. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host and lead to further compromise."
Solution
Step 1: Add the following to struts2.xml:
<constant name="struts.action.excludePattern" value="/struts/.*" />
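Step 2: Add the following to web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>OGNLconsole</web-resource-name>
    <!-- url-pattern is a Servlet path mapping, not a regex: /struts/* covers everything under /struts/ -->
    <url-pattern>/struts/*</url-pattern>
  </web-resource-collection>
  <!-- An empty auth-constraint denies access to all users -->
  <auth-constraint/>
</security-constraint>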
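The two settings use different matching rules: struts.action.excludePattern is a regular expression, while a web.xml url-pattern follows the Servlet mapping rules (exact, path prefix ending in /*, or extension starting with *.). The Python model below is an added example, not code from the original post or from Struts; it assumes the exclude regex must match the whole context-relative path, and its function names and sample paths are constructed for illustration.

```python
import re

CONSOLE = "/struts/webconsole.html"  # console path from the post, context-relative


def exclude_regex_matches(regex: str, path: str) -> bool:
    """Model of struts.action.excludePattern: a regex that must match the
    whole path (assumption). Python's re stands in for java.util.regex."""
    return re.fullmatch(regex, path) is not None


def url_pattern_matches(pattern: str, path: str) -> bool:
    """Servlet url-pattern rules, as applied to <security-constraint>."""
    if pattern == "":                      # context root only
        return path in ("", "/")
    if pattern == "/":                     # default mapping
        return True
    if pattern.endswith("/*"):             # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):           # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern                 # anything else: exact match


def compare(pattern: str, paths):
    """Return {path: (matches as exclude regex, matches as url-pattern)}."""
    return {p: (exclude_regex_matches(pattern, p),
                url_pattern_matches(pattern, p)) for p in paths}


if __name__ == "__main__":
    # Constructed sample paths
    paths = [CONSOLE, "/struts/utils.js", "/struts", "/index.action"]
    for pattern in ("/struts/.*", "/struts/*"):
        print(f"pattern {pattern!r}")
        for path, (as_regex, as_url) in compare(pattern, paths).items():
            print(f"  {path:26} regex={as_regex!s:5} url-pattern={as_url}")
```

Each string covers the console path only in the setting whose syntax it is written in: /struts/.* as a regex, /struts/* as a url-pattern.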
Testing
Append /struts/webconsole.html to the site URL. If the black screen with white text reading "welcome to the OGNL console!" does not appear, the fix was successful.
For example: http://XXXXXX.tw/struts/webconsole.html