Description
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Exploits & proofs of concept
- nucleiApache Struts 2 - DefaultActionMapper Prefixes OGNL Code Executionby exploitation,dwisiswant0,alex
References
- MISChttp://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html
- VENDOR_ADVISORYhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/90392
- MAILING_LISThttp://seclists.org/fulldisclosure/2013/Oct/96
- MISChttp://cxsecurity.com/issue/WLB-2014010087
- VENDOR_ADVISORYhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
- MISChttp://struts.apache.org/release/2.3.x/docs/s2-016.html
- MISChttp://archiva.apache.org/security.html
- MISChttp://osvdb.org/98445
- MISChttp://www.securitytracker.com/id/1032916
- MISChttp://www.securityfocus.com/bid/61189
- MISChttp://www.securitytracker.com/id/1029184
- MISChttp://www.securityfocus.com/bid/64758
- VENDOR_ADVISORYhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- MAILING_LISThttp://seclists.org/oss-sec/2014/q1/89
- EXPLOIThttp://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html