Описание
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Issue TrackingVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
EPSS
10 Critical
CVSS2
Дефекты
Связанные уязвимости
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expressio ...
Уязвимость программной платформы Apache Struts, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
EPSS
10 Critical
CVSS2