Apache Struts "action:" Action Mapping Security Bypass Vulnerability
Gravità: : Medio
Identificatori CVE: CVE-2013-4310
Data notifica: 21 luglio 2015
Descrizione
This rule detects the usage of OGNL predefined prefix "Action", which may allow remote attacker to evaluate crafted OGNL expressions to execute arbitrary Java code, execute arbitrary commands and redirect URL to any location.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1005691
Trend Micro Deep Security DPI Rule Name: 1005691 - Identified Apache Struts Action Prefix In HTTP Request
Software e versione interessati:
- apache struts 2.0.0
- apache struts 2.0.1
- apache struts 2.0.10
- apache struts 2.0.11
- apache struts 2.0.11.1
- apache struts 2.0.11.2
- apache struts 2.0.12
- apache struts 2.0.13
- apache struts 2.0.14
- apache struts 2.0.2
- apache struts 2.0.3
- apache struts 2.0.4
- apache struts 2.0.5
- apache struts 2.0.6
- apache struts 2.0.7
- apache struts 2.0.8
- apache struts 2.0.9
- apache struts 2.1.0
- apache struts 2.1.1
- apache struts 2.1.2
- apache struts 2.1.3
- apache struts 2.1.4
- apache struts 2.1.5
- apache struts 2.1.6
- apache struts 2.1.8
- apache struts 2.1.8.1
- apache struts 2.2.1
- apache struts 2.2.1.1
- apache struts 2.2.3
- apache struts 2.2.3.1
- apache struts 2.3.1
- apache struts 2.3.1.1
- apache struts 2.3.1.2
- apache struts 2.3.12
- apache struts 2.3.14
- apache struts 2.3.14.1
- apache struts 2.3.14.2
- apache struts 2.3.14.3
- apache struts 2.3.15
- apache struts 2.3.15.1
- apache struts 2.3.3
- apache struts 2.3.4
- apache struts 2.3.4.1
- apache struts 2.3.7
- apache struts 2.3.8