Struts 2
  1. Struts 2
  2. WW-3470

Remote Command Execution Vulnerability

    Details

      Description

      http://www.exploit-db.com/exploits/14360/

      caused by com.opensymphony.xwork2.interceptor.ParametersInterceptor
      fixed in struts2 trunk
      not fixed in latest build jar

        Activity

        Lukasz Lenart made changes -
        Fix Version/s 2.2.1 [ 12315170 ]
        Fix Version/s 2.2.2 [ 12315200 ]
        Lukasz Lenart made changes -
        Assignee Lukasz Lenart [ lukaszlenart ]
        Fix Version/s 2.2.2 [ 12315200 ]
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Closed [ 6 ]
        Hide
        Lukasz Lenart added a comment - - edited

        This is already solved in 2.2.1

        Show
        Lukasz Lenart added a comment - - edited This is already solved in 2.2.1
        zhouyanming made changes -
        Field Original Value New Value
        Environment xwork version
        http://hudson.zones.apache.org/hudson/job/xwork2/lastBuild/com.opensymphony$xwork-core/
        #89 (2009-12-1 8:01:51)
        Description http://www.exploit-db.com/exploits/14360/ http://www.exploit-db.com/exploits/14360/

        caused by com.opensymphony.xwork2.interceptor.ParametersInterceptor
        fixed in struts2 trunk
        not fixed in latest build jar
        zhouyanming created issue -

          People

          • Assignee:
            Lukasz Lenart
            Reporter:
            zhouyanming
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development