Apache Struts setup in Debug-Mode

Apache Struts is a lightweight framework designed to provide basic structure for web applications. It is used to develop complex web applications that require independent modules to build. In the debug mode, Struts shows the information that is logged by the system. This will give the attacker a chance to get the information regarding the configuration of the system, which can be used to carry out a number of attacks.

Impact

It is possible that an attacker can extract the configuration and other sensitive information from production servers and then use it as a starting point for other attacks.

Solution

If the web application is not in production, disable “Debug Mode”.