Apache Struts 2 DefaultActionMapper Prefixes OGNL remote code execution exploit.
8fc62c46ad7c22f69ed91bac27cf5de646a12ab72512eb056f4af8ee4edfc6baApache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution.
6016752b96e92a44c9cf1eebaa5b10137807afe16bffa1cffa6f222ce1c77103Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected.
8dd8aee0be9f1818cac60e7eaadec5a677b61944590e6c481865994fb69abbf0The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.
c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed