Apache Struts OGNL Expression Injection Vulnerabilities

ID: IRCAD2013062724
Release Date: 2013-06-05
Criticality level: Highly critical
Software:
Apache Struts 2.x
Description:
Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
Some vulnerabilities are caused by a double evaluation error when evaluating parameters as OGNL (Object-Graph Navigation Language) expressions, which can be exploited to modify server-side objects and, for example, execute arbitrary commands via specially crafted OGNL expressions.
The vulnerabilities are reported in versions prior to 2.3.14.3.
Solution:
Update to version 2.3.14.3.
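To find deployments that still need this update, the following added example (not part of the original advisory) flags struts2-core jars older than 2.3.14.3 by file name. It assumes the jars keep the standard struts2-core-<version>.jar naming; the sample paths are constructed.

```python
import re
from pathlib import Path

FIXED = (2, 3, 14, 3)  # fixed release named in the advisory
# Assumption: jars keep the standard struts2-core-<version>.jar file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*).*\.jar$")

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def is_affected(version):
    """True for Struts 2.x releases prior to 2.3.14.3."""
    v = parse_version(version)
    if v[0] != 2:
        return False  # the advisory covers Struts 2.x only
    # Pad so that 2.3.14 compares as 2.3.14.0, i.e. older than 2.3.14.3.
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(FIXED)

def scan_names(paths):
    """Return (path, version, affected) for every struts2-core jar in paths."""
    findings = []
    for p in paths:
        m = JAR_RE.search(Path(p).name)
        if m:
            findings.append((str(p), m.group(1), is_affected(m.group(1))))
    return findings

def scan_tree(root):
    """Walk a deployment directory (e.g. an unpacked WAR) for struts2-core jars."""
    return scan_names(Path(root).rglob("struts2-core-*.jar"))

# Constructed sample paths, not taken from any real system.
SAMPLE = [
    "webapps/shop/WEB-INF/lib/struts2-core-2.3.14.jar",
    "webapps/hr/WEB-INF/lib/struts2-core-2.3.14.3.jar",
    "webapps/old/WEB-INF/lib/struts2-core-2.1.8.1.jar",
    "webapps/new/WEB-INF/lib/struts2-core-2.3.15.jar",
    "webapps/new/WEB-INF/lib/commons-io-2.0.1.jar",
]

if __name__ == "__main__":
    for path, version, affected in scan_names(SAMPLE):
        print(f"{'AFFECTED' if affected else 'ok':9} {version:10} {path}")
```

A file-name check only catches jars that were not renamed or repackaged; confirm any finding against the version recorded in the jar's manifest.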
References:
Apache:
Jon Passki, Coverity Security Research Laboratory:
Secunia
http://secunia.com/advisories/53693/

Date created: 16 Khordad 1392
