Apache Struts CookieInterceptor security bypass

There is a vulnerability in the way Apache Struts 2 cookieinterceptor disallows certaincookie names that can allow an attacker to manipulate session and requestrelated attributes.

Leave a Reply