    Advisory - Multiple Vulnerabilities in Apache Struts


    Severity Rating: Medium

    Systems Affected
    • Apache Struts versions 2.x prior to 2.3.16.1

    Overview
    Multiple vulnerabilities have been reported in Apache Struts which could be exploited by a remote attacker to bypass certain security restrictions or cause Denial of Service (DoS) condition.

    Description
    1. Commons FileUpload Denial of Service Vulnerability
    This vulnerability exists in the default upload mechanism in Apache Struts due to an error in how the Apache Commons FileUpload component processes HTTP headers. A remote attacker could exploit this vulnerability by sending a crafted Content-Type header that triggers the flaw in the Apache Commons FileUpload component. Successful exploitation of this vulnerability could cause the system to become unresponsive, resulting in a Denial of Service (DoS) condition.
    Note: The flaw is present in Apache Commons FileUpload version 1.3.

    2. Security Bypass vulnerability
    This vulnerability exists in the ParameterInterceptor class due to improper validation of user-supplied input. The ParameterInterceptor allows access to the ‘class’ parameter, which is passed to the getClass method. A remote attacker could exploit this vulnerability by supplying crafted input to the ‘class’ parameter and manipulating the ClassLoader. Successful exploitation of this vulnerability could allow the remote attacker to bypass security restrictions and perform unauthorized actions.
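The check the advisory's second item describes, written out as an added illustration (this is not Struts' own ParameterInterceptor code, and it is in Python rather than Java purely so that it runs stand-alone): request parameter names are treated as OGNL-style property paths, split into segments, and any name with a segment equal to `class` (in dotted or bracketed form, any case) is rejected before it can reach `getClass()` and the ClassLoader. The request parameters in `SAMPLE_REQUEST` are constructed for the example; the only real remediation is the upgrade the Solution section names, and a filter like this is a compensating control for the interval before that upgrade.

```python
"""Parameter-name filter illustrating the S2-020 'class' parameter check.
Added example, not Apache Struts code. It rejects any request parameter
whose property path contains a segment named 'class', so a name such as
class.classLoader.<...> never reaches the action's getClass()/ClassLoader.
"""
import re
from typing import Dict, List, Tuple

# One OGNL-style path segment: either a bracketed key/index such as ['x'], ["x"]
# or [0], or a run of characters up to the next '.', '[' or ']'.
_SEGMENT_RE = re.compile(r"""\[\s*(?:'([^']*)'|"([^"]*)"|([^\]]*))\s*\]|([^.\[\]]+)""")


def split_segments(name: str) -> List[str]:
    """Split 'a.b['c'].d' into ['a', 'b', 'c', 'd']."""
    segments = []
    for match in _SEGMENT_RE.finditer(name):
        # Exactly one alternative group matched; take its text.
        segment = next(g for g in match.groups() if g is not None)
        segments.append(segment.strip())
    return segments


def touches_class_property(name: str) -> bool:
    """True if any segment of the path is the 'class' property (case-insensitive).

    Comparing whole segments, not substrings, keeps legitimate names such as
    'classification' usable while still catching 'Class.classLoader...' and
    bracketed forms like user['class'].
    """
    return any(segment.lower() == "class" for segment in split_segments(name))


def filter_parameters(params: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Return (accepted parameters, rejected parameter names)."""
    accepted: Dict[str, str] = {}
    rejected: List[str] = []
    for name, value in params.items():
        if touches_class_property(name):
            rejected.append(name)
        else:
            accepted[name] = value
    return accepted, rejected


# Constructed sample request: ordinary form fields mixed with names shaped
# like the advisory's 'class' parameter. Values are placeholders.
SAMPLE_REQUEST: Dict[str, str] = {
    "username": "alice",
    "profile.displayName": "Alice",
    "classification": "public",            # legitimate: segment is not 'class'
    "class.classLoader.resources": "x",     # rejected: first segment is 'class'
    "Class.classLoader.resources": "x",     # rejected: case-insensitive match
    "user['class'].x": "y",                 # rejected: bracketed 'class' segment
}

if __name__ == "__main__":
    accepted, rejected = filter_parameters(SAMPLE_REQUEST)
    print("accepted:", sorted(accepted))
    print("rejected:", sorted(rejected))
```

Running the block accepts `username`, `profile.displayName` and `classification` and rejects the three names that reach the `class` property; the rejected names are what a defender would also log and alert on during the window before the upgrade.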

    Solution
    Upgrade to Apache Struts version 2.3.16.1

    Vendor Information
    Apache
    http://struts.apache.org/release/2.3.x/docs/s2-020.html

    References
    Apache
    http://struts.apache.org/release/2.3.x/docs/s2-020.html

    CISCO
    http://tools.cisco.com/security/cent...?alertId=32760
    http://tools.cisco.com/security/cent...?alertId=33237

    Security Tracker
    http://www.securitytracker.com/id/1029876

    SecurityFocus
    http://www.securityfocus.com/bid/65400
    http://www.securityfocus.com/bid/65999/