Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Publish date: 21 de julio de 2015
Gravedad: Crítico
Identificadores de CVE : CVE-2011-3923
Fecha recomendada: 21 de julio de 2015
Descripción
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
Software y versión afectados
- Apache