Apache Struts Execute Arbitrary Code Vulnerability

Last Update Date: 25 Apr 2014 10:35

Release Date: 25 Apr 2014

RISK: High Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

A vulnerability has been identified in Apache Struts. A remote user can execute arbitrary code on the target system.

A remote user can supply specially crafted 'class' parameter values to the ParametersInterceptor class to manipulate the ClassLoader and execute arbitrary code.
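One way to look for such requests in logged traffic, as an added example that is not part of the original advisory: the script treats each parameter name as a property path and flags any name with a `class` segment. The function names, sample requests and URL paths are constructed for illustration; case-insensitive matching and repeated percent-decoding are conservative assumptions, not documented Struts behaviour.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Separators of a property path: dots, brackets and quotes.
_SEPARATORS = re.compile(r"[.\[\]'\"]+")

def is_class_path(param_name):
    """Return True if any segment of the parameter name is 'class'."""
    name = param_name
    for _ in range(3):  # undo nested percent-encoding (conservative assumption)
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    segments = [s.strip() for s in _SEPARATORS.split(name)]
    # Whole-segment match, so 'classification' or 'subclass' is not flagged.
    return any(s.lower() == "class" for s in segments)

def suspicious_params(url, body=""):
    """Names of query-string and form-body parameters that reach 'class'."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [name for name, _ in pairs if is_class_path(name)]

def scan(requests):
    """Return (url, flagged names) for every request with at least one hit."""
    hits = []
    for url, body in requests:
        names = suspicious_params(url, body)
        if names:
            hits.append((url, names))
    return hits

# Constructed sample requests as (URL, form body); not taken from real traffic.
SAMPLE_REQUESTS = [
    ("/app/login.action?username=alice&lang=en", ""),
    ("/app/view.action?class.classLoader.example=1", ""),
    ("/app/view.action?id=7", "item%5B%27class%27%5D.classLoader.example=1"),
    ("/app/search.action?classification=public&subclass.id=3", ""),
    ("/app/view.action?%2563lass.classLoader.example=1", ""),
]

if __name__ == "__main__":
    for url, names in scan(SAMPLE_REQUESTS):
        print(f"ALERT {url} -> {names}")
```

Only URL-encoded query strings and form bodies are parsed here; multipart and JSON bodies would need their own extraction step before the same check is applied.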

*Note: No patch is available.


Impact

  • Remote Code Execution
  • Data Manipulation

System / Technologies affected

  • Version 2.3.16.1 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link