
Excerpt

The special top object can be used to access Struts' internals or to modify the container's web context

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Manipulation of Struts' internals, alteration of the user session, modification of the container's web context

Maximum security rating

High

Recommendation

Update the regex used to exclude vulnerable incoming parameters. An upgrade to Struts 2.3.24.1 is recommended.
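The recommendation above relies on a regex deny-list applied to incoming parameter names before they are bound to the value stack. The following is an added example written for this page, not code from the Struts project; it models that mechanism in Python so the behaviour can be run offline. The exclusion pattern, the helper names and the sample request are all assumptions made for the illustration, not the pattern shipped by any Struts release. It also shows why the pattern must be anchored: an unanchored match would wrongly drop ordinary parameters whose names merely contain "top.".

```python
import re
from typing import Dict, List, Tuple

# Hypothetical exclusion patterns for parameter names. The pattern below is an
# assumption for this example and is NOT the regex shipped in any Struts version.
EXCLUDED_NAME_PATTERNS = [
    re.compile(r"^top\..*"),  # anchored: only names that start with "top." are rejected
]


def is_excluded(name: str) -> bool:
    """Return True when the parameter name matches any exclusion pattern."""
    # re.match anchors at the start of the string, so "laptop.model" is not affected.
    return any(p.match(name) for p in EXCLUDED_NAME_PATTERNS)


def unanchored_would_block(name: str) -> bool:
    """Show the pitfall: an unanchored search matches anywhere in the name."""
    return re.search(r"top\..*", name) is not None


def filter_parameters(params: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Split a request's parameters into accepted ones and the names that were dropped."""
    accepted: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in params.items():
        if is_excluded(name):
            dropped.append(name)
        else:
            accepted[name] = value
    return accepted, dropped


# Constructed sample request (not captured traffic): two ordinary parameters and one
# placeholder name that addresses the special top object and must be dropped.
SAMPLE_REQUEST = {
    "username": "alice",
    "laptop.model": "x1",       # contains "top." but must NOT be excluded
    "top.placeholder": "value",  # constructed name targeting the top object; must be excluded
}

if __name__ == "__main__":
    kept, removed = filter_parameters(SAMPLE_REQUEST)
    print("accepted:", sorted(kept))
    print("dropped:", removed)
    print("unanchored pattern would also block 'laptop.model':",
          unanchored_would_block("laptop.model"))
```

Running the block keeps "username" and "laptop.model", drops "top.placeholder", and reports that the unanchored variant would have blocked "laptop.model" as well. When adjusting the real Struts configuration, apply the same check to the resulting pattern against representative legitimate parameter names before deploying it.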

Affected Software

Struts 2.0.0 - Struts 2.3.24

Reporter

rskvp93 at gmail dot com from Viettel Information Security Center

CVE Identifier

TBD
