漏洞类别:Web Application
漏洞等级: 
漏洞信息
The Apache Struts web framework is a free open source solution for creating Java web applications.
Apache Struts is prone to multiple remote code execution vulnerabilities CVE-2013-2134 and CVE-2013-2135 due to improper handling of wildcard matching mechanism or double evaluation of OGNL expression.
Affected software:
Apache Struts versions 2.0.0 through 2.3.14.2 are vulnerable.
漏洞危害
If successful, an attacker can manipulate server-side context objects with the privileges of the user running the application and execute arbitrary code.
解决方案
Upgrade to the latest version of the Apache Struts 2 framework to fix this issue. For more details please refer to vendor advisory: S2-015
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1005572: 1005572 - Apache Struts OGNL Expression Remote Code Execution Vulnerabilities
0day
文章评论