Struts 2 / WW-4146

cache attack at OgnlUtil.expressions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.15.1
    • Fix Version/s: 2.3.20
    • Component/s: Expression Language
    • Labels:
      None

      Description

      In class com.opensymphony.xwork2.ognl.OgnlUtil, the code:

      tree = expressions.get(expression);
      if (tree == null) {
          tree = Ognl.parseExpression(expression);
          expressions.putIfAbsent(expression, tree);
      }

      Every parameter in the request is cached in the field expressions, which is an instance of ConcurrentMap<String, Object>, using parameterName as the key. So I construct a huge number of different parameters that have different names (like "abc[123], abc[124]"); they are all cached in expressions. This causes an OutOfMemoryError and makes the map act like a list.

      1. WW-4146.patch
        12 kB
        Maurizio Cucchiara


          People

          • Assignee:
            Lukasz Lenart
            Reporter:
            bruce liu
          • Votes:
            0
            Watchers:
            8
