Description
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
References
- Broken Link
- Third Party Advisory
- Vendor Advisory
- Release Notes, Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory
- Broken Link
Vulnerable configurations
EPSS
CVSS2: 6.8 Medium
Weaknesses
Related vulnerabilities
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
The CookieInterceptor component in Apache Struts before 2.3.1.1 does n ...
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
A vulnerability in the implementation of the CookieInterceptor class of the Apache Struts software platform that allows an attacker to execute arbitrary code