Apache Struts Security Update (S2-005) - Active Check CVE-2010-1870

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

Apache Struts is prone to a remote command execution (RCE) vulnerability.

Risk description

The flaw is due to an error in the OGNL extensive expression evaluation capability in XWork in Struts, which uses a permissive whitelist. This allows remote attackers to modify server-side context objects and bypass the # protection mechanism in ParameterInterceptors via various variables. Successful exploitation allows an attacker to manipulate server-side context objects with the privileges of the user running the application.

Recommendation

Update to version 2.2.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 17, 2010
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available