You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Summary

Double OGNL evaluation when using raw user input in tag's attributes.

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible Remote Code Execution vulnerability

Maximum security rating

Important

Recommendation

Always validate incoming parameters' values when re-assigning them to certain Struts' tags attributes. Alternatively upgrade to Struts 2.3.26

Affected Software

Struts 2.0.0 - Struts Struts 2.3.24.1

Reporter

Romain Gaucher rgaucher at coverity dot com - Coverity

CVE Identifier

CVE-2016-0785

Problem

The Apache Struts frameworks performs double evaluation of attributes' values assigned to certain tags so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered.

Solution

Adding a proper validation of each value that's coming in and it's used in tag's attributes. Alternatively upgrade to Struts 2.3.26.

Backward compatibility

No issues expected when upgrading to Struts 2.3.26

Workaround

Not possible

  • No labels