漏洞类别:Local
漏洞等级:
漏洞信息
Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications.
The vulnerability exists when using result type with no namespace and in same time, its upper action(s) have no or wildcard namespace. An unauthenticated, remote attacker could exploit this vulnerability by not setting the namespace value for a result defined in underlying configurations and in same time, its upper action(s) configurations have no or wildcard namespace. The vulnerable condition also exists when using url tag which doesnt have value and action set and in same time, its upper action(s) configurations have no or wildcard namespace.
Affected software:
Struts 2.x - Struts 2.3.34
Struts 2.5.x - Struts 2.5.16
QID Detection Logic (Authenticated):
Detection reads the tomcat location from tomcat server record and searches for struts-core.x.jar file under sub directories. It extracts the version from .jar file and compares with vulnerable struts versions.
漏洞危害
Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.
解决方案
Customers are advised to refer to the Apache Struts S2-057 advisory for more information pertaining to this vulnerability.Workaround:
If versions in addition to the ones listed above are detected as vulnerable, customers are advised to:
- Verify if the Struts Convention plugin is enabled.
- Set the alwaysSelectFullNamespace flag is set to FALSE in the Struts configuration.
- Specify the optional namespace attribute in the Struts configuration file.
- Remove the wildcard namespace attribute if specified in the Struts configuration file.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论