Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Publish Date: 21 Juli 2015
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2011-3923
Hinweisdatum: 21 Juli 2015
Beschreibung
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
Betroffene Software und Version:
- Apache