Description
Missing XML Validation vulnerability in Apache Struts.
This issue affects Apache Struts from 2.0.0 before 2.2.1 and from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
An XML processing flaw has been found in Apache Struts. The XWork component does not properly validate XML when parsing XML configuration, which makes it vulnerable to XML external entity (XXE) injection.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | javapackages-tools:201801/google-guice | Not affected | ||
| Red Hat Fuse 7 | struts2-core | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 8 | struts2-core | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | struts2-core | Not affected | ||
Additional information
Status:
CVSS3: 7.1 High
Related vulnerabilities
Vulnerability in the Apache Struts software platform, related to missing validation of the authenticity of XML documents, which allows an attacker to carry out XXE attacks
CVSS3: 7.1 High