Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Data de publicação: 21 julho 2015
Schweregrad: : Crítico
Identificador(es) CVE: : CVE-2011-3923
Data do informe: 21 julho 2015
Descrição
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
Software infectado e versão:
- Apache