Signature Detail

HTTP: Apache Struts CookieInterceptor Security Bypass

This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can allow an attacker to bypass the Java security policies and load malicious class files. Successful exploitation of this vulnerability can lead to arbitrary code execution.

Extended Description

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.

Affected Products

• Apache struts 2.0.0
• Apache struts 2.0.1
• Apache struts 2.0.10
• Apache struts 2.0.11
• Apache struts 2.0.11.1
• Apache struts 2.0.11.2
• Apache struts 2.0.12
• Apache struts 2.0.13
• Apache struts 2.0.14
• Apache struts 2.0.2
• Apache struts 2.0.3
• Apache struts 2.0.4
• Apache struts 2.0.5
• Apache struts 2.0.6
• Apache struts 2.0.7
• Apache struts 2.0.8
• Apache struts 2.0.9
• Apache struts 2.1.0
• Apache struts 2.1.1
• Apache struts 2.1.2
• Apache struts 2.1.3
• Apache struts 2.1.4
• Apache struts 2.1.5
• Apache struts 2.1.6
• Apache struts 2.1.8
• Apache struts 2.1.8.1
• Apache struts 2.2.1
• Apache struts 2.2.1.1
• Apache struts 2.2.3
• Apache struts 2.2.3.1
• Apache struts 2.3.1
• Apache struts 2.3.1.1
• Apache struts 2.3.12
• Apache struts 2.3.1.2
• Apache struts 2.3.14
• Apache struts 2.3.14.1
• Apache struts 2.3.14.2
• Apache struts 2.3.14.3
• Apache struts 2.3.15
• Apache struts 2.3.15.1
• Apache struts 2.3.15.2
• Apache struts 2.3.15.3
• Apache struts 2.3.16
• Apache struts 2.3.16.1
• Apache struts 2.3.16.2
• Apache struts 2.3.3
• Apache struts 2.3.4
• Apache struts 2.3.4.1
• Apache struts 2.3.7
• Apache struts 2.3.8

References

• BugTraq: 67218
• CVE: CVE-2014-0116
• URL: http://struts.apache.org/release/2.3.x/docs/s2-022.html