Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

Last Update Date: 19 Jul 2013 10:33 Release Date: 19 Jul 2013 4891 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities have been identified in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.

  1. Input passed via the "redirect:" and "redirectAction:" prefixing parameters is not properly verified in the DefaultActionMapper class (org.apache.struts2.dispatcher.mapper.DefaultActionMapper) before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to an affected script hosted on a trusted domain.
  2. An input sanitisation error when handling the "action:", "redirect:", and "redirectAction:" prefixing parameters in the DefaultActionMapper class (org.apache.struts2.dispatcher.mapper.DefaultActionMapper) can be exploited to e.g. inject and execute arbitrary Java code via OGNL (Object-Graph Navigation Language) expressions.

Impact

  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Apache Struts 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.3.15.1.

Vulnerability Identifier

Source

Related Link

Share with

Previous

IBM Java Multiple Vulnerabilities

18 Jul 2013 4344 Views

Next

HP System Management Homepage Multiple Vulnerabilities

22 Jul 2013 4555 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY