Showing 1 - 1 of 1

CVE-2020-17530

Status Candidate

Overview

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Related Files

Apache Struts 2 Forced Multi OGNL Evaluation: Posted Dec 24, 2020; Authored by Matthias Kaiser, Spencer McIntyre, Alvaro Munoz, ka1n4t | Site metasploit.com; The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.; tags | exploit, remote, code execution; advisories | CVE-2019-0230, CVE-2020-17530; SHA-256 | 3cfe28296a3b91c815100d9996280537326adc728304ac8036ea7dcb8ca37586; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 253 files
Ubuntu 83 files
Gentoo 29 files
indoushka 26 files
Debian 10 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
Google Security Research 2 files
S. Dietz 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

CVE-2020-17530

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems