...
Excerpt |
---|
Special |
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Manipulation of Struts' internals, altering of user session |
Maximum security rating | Important |
Recommendation | Update the regex used to exclude vulnerable incoming parameters. An upgrade to Struts 2.3.24.1 is recommended. |
Affected Software | Struts 2.0.0 - Struts 2.3.24 |
Reporter | rskvp93 at gmail dot com from Viettel Information Security Center |
CVE Identifier | |
Problem
ValueStack defines a special `top` object which represents the root of the execution context. It can be used to manipulate Struts' internals or to affect the container's settings.
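The recommendation above is to exclude incoming parameters that address `top`. As an added example (not code from the Struts project), the following sketch applies that idea to access-log review: it flags request parameter names whose first token is `top`. The pattern, function names and log lines are assumptions made for illustration and are not the exclusion regex shipped in Struts 2.3.24.1.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Illustrative pattern (assumption): a parameter name whose first token is
# `top`, optionally written `#top`, followed by '.', '[' or end of name.
# This is not the exclusion regex shipped in Struts 2.3.24.1.
TOP_REFERENCE = re.compile(r"^#?top(\.|\[|$)")

# Pulls the request target out of a common-log-format line.
REQUEST_TARGET = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def references_top(param_name):
    """True when the parameter name addresses the ValueStack `top` object."""
    return TOP_REFERENCE.search(param_name.strip()) is not None


def flagged_params(url):
    """Return decoded query parameter names in `url` that reference `top`."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes names, so encoded brackets/quotes are caught.
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [name for name in names if references_top(name)]


def scan_access_log(lines):
    """Return (line_number, flagged_names) for each line with a hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_TARGET.search(line)
        if not match:
            continue  # malformed or non-HTTP line: nothing to inspect
        flagged = flagged_params(match.group(1))
        if flagged:
            hits.append((number, flagged))
    return hits


# Constructed sample log lines (documentation IP range, hypothetical actions).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET /app/view.action?topic=news&id=7 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2015:13:55:40 +0000] "GET /app/save.action?name=a&top.name=b HTTP/1.1" 200 498',
    '203.0.113.7 - - [10/Oct/2015:13:55:44 +0000] "POST /app/save.action?top%5B%27name%27%5D=b HTTP/1.1" 200 498',
    '203.0.113.7 - - [10/Oct/2015:13:55:49 +0000] "GET /app/list.action?laptop.model=x HTTP/1.1" 200 730',
]

if __name__ == "__main__":
    for number, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: parameters referencing top: {names}")
```

Only query-string parameters are inspected here; parameters sent in a POST body do not appear in a standard access log and need application-level logging to review.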
...