Child pages
  • S2-015

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Remote command execution, remote server context manipulation, injection of malicious client side code

Maximum security rating

Highly Critical

Recommendation

Developers should immediately upgrade to Struts 2.3.14.3

Affected Software

Struts 2.0.0 - Struts 2.3.14.2

Reporter

Jon Passki from Coverity Security Research Laboratory reported directly to security@struts.a.o and via blog post

CVE Identifier

CVE-2013-2135, CVE-2013-2134

...