CVE-2010-1870

Description

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.

Affected products

apache / Struts2.0.0 – 2.0.0
apache / Struts2.0.1 – 2.0.1
apache / Struts2.0.2 – 2.0.2
apache / Struts2.0.3 – 2.0.3
apache / Struts2.0.4 – 2.0.4
apache / Struts2.0.5 – 2.0.5
apache / Struts2.0.6 – 2.0.6
apache / Struts2.0.7 – 2.0.7
apache / Struts2.0.8 – 2.0.8
apache / Struts2.0.9 – 2.0.9
apache / Struts2.0.10 – 2.0.10
apache / Struts2.0.11 – 2.0.11
apache / Struts2.0.11.1 – 2.0.11.1
apache / Struts2.0.11.2 – 2.0.11.2
apache / Struts2.0.12 – 2.0.12
apache / Struts2.0.13 – 2.0.13
apache / Struts2.0.14 – 2.0.14
apache / Struts2.1.0 – 2.1.0
apache / Struts2.1.1 – 2.1.1
apache / Struts2.1.2 – 2.1.2
apache / Struts2.1.3 – 2.1.3
apache / Struts2.1.4 – 2.1.4
apache / Struts2.1.5 – 2.1.5
apache / Struts2.1.6 – 2.1.6
apache / Struts2.1.8 – 2.1.8
apache / Struts2.1.8.1 – 2.1.8.1

Exploits & PoCs

nucleiListSERV Maestro <= 9.0-8 RCEby b0yd

Description

Affected products

Exploits & PoCs

References