[WW-4063] Remote code execution in Struts2 via expression language execution - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.14.1
Fix Version/s: 2.3.14.2
Component/s: Expression Language
Labels:
- security
Environment:

Mac OS X 10.7

Flags:

Important

Description

Struts2 under certain configurations is vulnerable to remote code execution via the interpretation of EL and OGNL. Since this is I'm assuming a publicly accessible issue, please let me know if I should add a reproducer to this issue or if I should communicate this reproducer though another mechanism.

Attachments

Activity

People

Assignee:: René Gielen

Reporter:: Coverity Security Research Laboratory

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/May/13 23:05

Updated:: 27/May/13 14:48

Resolved:: 24/May/13 17:12