Schweregrad: : Crítico
  Identificador(es) CVE: : CVE-2013-2135
  Data do informe: 21 julho 2015

  Descrição

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

  Exposição das informações

Apply associated Trend Micro DPI Rules.

  Solução

  Trend Micro Deep Security DPI Rule Number: 1005572
  Trend Micro Deep Security DPI Rule Name: 1005572 - Apache Struts OGNL Expression Remote Code Execution Vulnerabilities

  Software infectado e versão:

  • apache struts 2.0.0
  • apache struts 2.0.1
  • apache struts 2.0.10
  • apache struts 2.0.11
  • apache struts 2.0.11.1
  • apache struts 2.0.11.2
  • apache struts 2.0.12
  • apache struts 2.0.13
  • apache struts 2.0.14
  • apache struts 2.0.2
  • apache struts 2.0.3
  • apache struts 2.0.4
  • apache struts 2.0.5
  • apache struts 2.0.6
  • apache struts 2.0.7
  • apache struts 2.0.8
  • apache struts 2.0.9
  • apache struts 2.1.0
  • apache struts 2.1.1
  • apache struts 2.1.2
  • apache struts 2.1.3
  • apache struts 2.1.4
  • apache struts 2.1.5
  • apache struts 2.1.6
  • apache struts 2.1.8
  • apache struts 2.1.8.1
  • apache struts 2.2.1
  • apache struts 2.2.1.1
  • apache struts 2.2.3
  • apache struts 2.2.3.1
  • apache struts 2.3.1
  • apache struts 2.3.1.1
  • apache struts 2.3.1.2
  • apache struts 2.3.12
  • apache struts 2.3.14
  • apache struts 2.3.14.1
  • apache struts 2.3.14.2
  • apache struts 2.3.3
  • apache struts 2.3.4
  • apache struts 2.3.4.1
  • apache struts 2.3.7
  • apache struts 2.3.8