Short Name | HTTP:APACHE:STRUTS2-COOKIE-OGNL
Severity | Minor
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Apache Struts 2 CookieInterceptor OGNL Script Injection
Release Date | 2012/02/09
Update Number | 2079
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Apache Struts 2 CookieInterceptor OGNL Script Injection
This signature detects attempts to exploit a known vulnerability in Apache Struts 2. A successful attack will result in the execution of arbitrary expressions in the security context of the affected web application server.
Extended Description
Apache Struts is prone to an arbitrary file-overwrite vulnerability and a remote command execution vulnerability.
Successful exploits will allow attackers to overwrite arbitrary files on the affected computer and execute arbitrary commands with the privileges of the user running the affected application.
Versions prior to Apache Struts 2.3.1.1 are vulnerable; other versions may also be affected.
Affected Products
- Apache_software_foundation struts 2.0.0
- Apache_software_foundation struts 2.0.1
- Apache_software_foundation struts 2.0.10
- Apache_software_foundation struts 2.0.11
- Apache_software_foundation struts 2.0.11.1
- Apache_software_foundation struts 2.0.11.2
- Apache_software_foundation struts 2.0.12
- Apache_software_foundation struts 2.0.13
- Apache_software_foundation struts 2.0.14
- Apache_software_foundation struts 2.0.2
- Apache_software_foundation struts 2.0.3
- Apache_software_foundation struts 2.0.4
- Apache_software_foundation struts 2.0.5
- Apache_software_foundation struts 2.0.6
- Apache_software_foundation struts 2.0.7
- Apache_software_foundation struts 2.0.8
- Apache_software_foundation struts 2.0.9
- Apache_software_foundation struts 2.1.0
- Apache_software_foundation struts 2.1.1
- Apache_software_foundation struts 2.1.2
- Apache_software_foundation struts 2.1.3
- Apache_software_foundation struts 2.1.4
- Apache_software_foundation struts 2.1.5
- Apache_software_foundation struts 2.1.6
- Apache_software_foundation struts 2.1.8
- Apache_software_foundation struts 2.1.8.1
- Apache_software_foundation struts 2.2.0
- Apache_software_foundation struts 2.2.1
- Apache_software_foundation struts 2.2.1.1
- Apache_software_foundation struts 2.2.3
- Apache_software_foundation struts 2.2.3.1
References