漏洞类别:Local
漏洞等级: 
漏洞信息
Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications.
Apache Struts is prone to a security-bypass vulnerability.
Affected software:
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1
QID detection logic:
This authenticated detection looks for "struts core" jar files in deployed web applications directories and lib folder of Tomcat server. Once it successfully finds the jar file, information is extracted from that jar files and compared with vulnerable versions.
This detection does NOT support applications are deployed with server configuration unpackWARs=false.
漏洞危害
Successful exploitation allows an authenticated, remote attacker to perform unspecified attack.
解决方案
Customers are advised to upgrade to Struts Download the later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论