Apache Struts Execute Arbitrary Code Vulnerability
Last Update Date: 25 Apr 2014 10:35
Release Date: 25 Apr 2014
RISK: High Risk
TYPE: Operating Systems - Application Platforms
A vulnerability has been identified in Apache Struts. A remote user can execute arbitrary code on the target system.
A remote user can supply specially crafted 'class' parameter values to the ParametersInterceptor class to manipulate the ClassLoader and execute arbitrary code.
*Note: No patch is available.
Impact
- Remote Code Execution
- Data Manipulation
System / Technologies affected
- Version 2.3.16.1 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- No patch is available
- Workaround: http://struts.apache.org/announce.html#a20140424
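
An added detection example, not part of the original advisory and not Apache's workaround: it scans web access-log lines for request parameter names that address the 'class' property described above. The log lines, the regular expression and the function names are constructed assumptions; parameters sent in POST bodies do not appear in access logs and are not covered.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed pattern (not the Struts project's own): "class" used as a property
# segment, e.g. class.x, obj.class.x, class['x'], obj['class'].x; not "classroom".
CLASS_SEGMENT = re.compile(r"""(?:^|[.\['"])class(?:\.|\[|['"]\])""", re.IGNORECASE)
REQUEST_LINE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded names are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return parameter names in the URL's query string that address 'class'."""
    query = urlsplit(url).query
    names = [decode_fully(n) for n, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if CLASS_SEGMENT.search(n)]


def scan_log(lines):
    """Return (line_number, [names]) for each log line with a flagged parameter."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                hits.append((number, names))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2014:10:00:01 +0800] "GET /app/list.action?class=maths&page=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Apr/2014:10:00:02 +0800] "GET /app/list.action?class.classLoader.PLACEHOLDER=x HTTP/1.1" 200 512',
    '192.0.2.12 - - [25/Apr/2014:10:00:03 +0800] "GET /app/list.action?classroom.id=7 HTTP/1.1" 200 512',
    '192.0.2.13 - - [25/Apr/2014:10:00:04 +0800] "GET /app/list.action?item%5B%2527Class%2527%5D.x=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A hit indicates a request worth investigating, not proof of compromise; the same pattern can back a request filter placed in front of the application while no patch is available.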