Apache Struts "action:" Action Mapping Security Bypass Vulnerability
Gravedad: Medio
Identificadores de CVE : CVE-2013-4310
Fecha recomendada: 21 de julio de 2015
Descripción
This rule detects the usage of OGNL predefined prefix "Action", which may allow remote attacker to evaluate crafted OGNL expressions to execute arbitrary Java code, execute arbitrary commands and redirect URL to any location.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1005691
Trend Micro Deep Security DPI Rule Name: 1005691 - Identified Apache Struts Action Prefix In HTTP Request
Software y versión afectados
- apache struts 2.0.0
- apache struts 2.0.1
- apache struts 2.0.10
- apache struts 2.0.11
- apache struts 2.0.11.1
- apache struts 2.0.11.2
- apache struts 2.0.12
- apache struts 2.0.13
- apache struts 2.0.14
- apache struts 2.0.2
- apache struts 2.0.3
- apache struts 2.0.4
- apache struts 2.0.5
- apache struts 2.0.6
- apache struts 2.0.7
- apache struts 2.0.8
- apache struts 2.0.9
- apache struts 2.1.0
- apache struts 2.1.1
- apache struts 2.1.2
- apache struts 2.1.3
- apache struts 2.1.4
- apache struts 2.1.5
- apache struts 2.1.6
- apache struts 2.1.8
- apache struts 2.1.8.1
- apache struts 2.2.1
- apache struts 2.2.1.1
- apache struts 2.2.3
- apache struts 2.2.3.1
- apache struts 2.3.1
- apache struts 2.3.1.1
- apache struts 2.3.1.2
- apache struts 2.3.12
- apache struts 2.3.14
- apache struts 2.3.14.1
- apache struts 2.3.14.2
- apache struts 2.3.14.3
- apache struts 2.3.15
- apache struts 2.3.15.1
- apache struts 2.3.3
- apache struts 2.3.4
- apache struts 2.3.4.1
- apache struts 2.3.7
- apache struts 2.3.8