You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, if I run this Spring Boot web app locally from IntelliJ (BTW, I had to add server.servlet.context-path=/helloworld in application.properties file) and try these steps:
My question is why this vulnerability can not be exploited when it's run locally from IntelliJ WITHOUT using Dockerfile at all?
idavollen
changed the title
the vulnerability can not be exploited locally
the vulnerability can not be exploited locally when it's run from the IntelliJ without using Dockerfile
Apr 6, 2022
@idavollen From vulnerability descriptions which I read, it only works when app is packaged as WAR and deployed to standalone Tomcat. They say, it doesn't work when run with built-in Tomcat.
When the war file is deployed in the Docker container, the vulnerability can be exploited after running:
However, if I run this Spring Boot web app locally from IntelliJ (BTW, I had to add server.servlet.context-path=/helloworld in application.properties file) and try these steps:
I've just got "HTTP Status 404 – Not Found" with http://localhost:8080/shell.jsp?cmd=id
Can someone shed the light on why the vulnerability can't be exploited when it's run locally from IntelliJ?
The text was updated successfully, but these errors were encountered: