Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Publish Date: 21 juillet 2015
Gravité: : Critique
Identifiant(s) CVE: : CVE-2011-3923
Date du conseil: 21 juillet 2015
Description
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
Affected software and version:
- Apache