Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Gravità: : Critico
Identificatori CVE: CVE-2011-3923
Data notifica: 21 luglio 2015
Descrizione
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
Software e versione interessati:
- Apache