Apache Struts CVE-2014-0116 Weak Authentication Vulnerability
Description
The excluded parameter pattern introduced in version 2.3.16.2 to block access to the getClass() method did not cover other cases, and because of that an attacker can change the state of the session, request and so on (when "*" is used to configure the cookiesName param).
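The configuration condition named above (a "*" in cookiesName) can be audited in an application's struts.xml. The script below is an added example, not part of this advisory or of Struts; it assumes the interceptor is registered under the name `cookie`, and the sample file, action names and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed struts.xml for illustration; action and class names are made up.
SAMPLE_STRUTS_XML = """<struts>
  <package name="default" extends="struts-default">
    <action name="prefs" class="example.PrefsAction">
      <interceptor-ref name="cookie">
        <param name="cookiesName">*</param>
        <param name="cookiesValue">*</param>
      </interceptor-ref>
    </action>
    <action name="theme" class="example.ThemeAction">
      <interceptor-ref name="cookie">
        <param name="cookiesName">theme, lang</param>
      </interceptor-ref>
    </action>
    <action name="checkout" class="example.CheckoutAction">
      <interceptor-ref name="appStack">
        <param name="cookie.cookiesName">sid, *</param>
      </interceptor-ref>
    </action>
  </package>
</struts>"""


def find_wildcard_cookie_refs(xml_text):
    """Return (parent tag, parent name) for every interceptor-ref that sets
    cookiesName to a comma-separated list containing "*"."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        for ref in parent.findall("interceptor-ref"):
            # A direct reference uses "cookiesName"; a reference to a stack
            # overrides it as "<interceptor>.<param>" (assumes name "cookie").
            wanted = "cookiesName" if ref.get("name") == "cookie" else "cookie.cookiesName"
            for param in ref.findall("param"):
                if param.get("name") != wanted:
                    continue
                names = {n.strip() for n in (param.text or "").split(",")}
                if "*" in names:
                    findings.append((parent.tag, parent.get("name")))
    return findings


if __name__ == "__main__":
    for tag, name in find_wildcard_cookie_refs(SAMPLE_STRUTS_XML):
        print(f"wildcard cookiesName on <{tag} name={name!r}>")
```

Actions that list explicit cookie names, such as `theme` in the sample, are not reported.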
Affected Applications
Apache Struts