Описание
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
The ParameterInterceptor component in Apache Struts before 2.3.1.1 doe ...
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
Уязвимость компонента ParameterInterceptor программной платформы Apache Struts, позволяющая нарушителю записывать произвольные файлы в систему
EPSS
6.4 Medium
CVSS2