Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability
Severity: : Critical
CVE Kennungen: : CVE-2011-3923
Advisory Date: 21 de июля de 2015
DESCRIPTION
Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004981
Trend Micro Deep Security DPI Rule Name: 1004981 - Apache Struts 'ParameterInterceptor' Class OGNL Expression Parsing Remote Command Execution
AFFECTED SOFTWARE AND VERSION:
- Apache