what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Apache Struts 2 XSS / Command Execution

Apache Struts 2 XSS / Command Execution
Posted May 28, 2013
Authored by Rene Gielen | Site struts.apache.org

Apache Struts has released version 2.3.14.2. This version addresses a security issue. A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.

tags | advisory, remote, xss
advisories | CVE-2013-2115
SHA-256 | 997e378c4b860d1aa2a155b1337c65add2fa61cfb34c8b401dbef4cd54ad9b69

Apache Struts 2 XSS / Command Execution

Change Mirror Download
The Apache Struts group is pleased to announce that Struts 2.3.14.2 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to
streamline the full development cycle, from building, to deploying, to
maintaining applications over time.

A critical security issue was solved with this release - see [1] for
detailed information:
* A vulnerability introduced by forcing parameter inclusion in the URL
and Anchor Tag allows remote command execution, session access and
manipulation and XSS attacks

All developers are strongly advised to immediately update existing
Struts 2 applications to Struts 2.3.14.2.

Struts 2.3.14.2 is available in a full distribution or as separate
library, source, example and documentation distributions, from the
releases page. The release is also available through the central Maven
repository under Group ID "org.apache.struts". The release notes are
available online [2].

The 2.3.x series of the Apache Struts framework has a minimum
requirement of the following specification versions: Servlet API 2.4,
JSP API 2.0, and Java 5.

Should any issues arise with your use of any version of the Struts
framework, please post your comments to the user list, and, if
appropriate, file a tracking ticket.


- The Apache Struts Team.

[1] http://struts.apache.org/release/2.3.x/docs/s2-014.html
[2] http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html
--
René Gielen
http://twitter.com/rgielen


Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close