‫ Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

IRCAD2013072797
ID: IRCAD2013072797
Release Date: 2013-07-17
Criticality level: Highly critical
 
Software:
Apache Struts 2.x
 
Description:
Two weaknesses and multiple vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
1) Input passed via the "redirect:" and "redirectAction:" prefixing parameters is not properly verified in the DefaultActionMapper class
(org.apache.struts2.dispatcher.mapper.DefaultActionMapper) before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to an affected script hosted on a trusted domain.
2) An input sanitisation error when handling the "action:", "redirect:", and "redirectAction:" prefixing parameters in the DefaultActionMapper class
(org.apache.struts2.dispatcher.mapper.DefaultActionMapper) can be exploited to e.g. inject and execute arbitrary Java code via OGNL (Object-Graph Navigation Language) expressions.
The weaknesses and the vulnerabilities are reported in versions 2.0.0 through 2.3.15.
 
Solution
Update to version 2.3.15.1.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 29 تیر 1392

امتیاز

امتیاز شما
تعداد امتیازها:0