|
|||
Rule General Information |
---|
Release Date: | 2017-07-31 | |
Rule Name: | Spring Web Flow Remote Code Execution Vulnerability -2 (CVE-2017-4971) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A script injection vulnerability has been found in Apache Struts 2. The vulnerability is due to a design error: HTTP request parameters are interpreted as OGNL expressions when conversion errors occur. | |
Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Solaris, FreeBSD, Linux, Mac OS, Other Unix, Others | |
Reference: | SecurityFocusBID:98785 |
|
Solutions |
---|
Update vender's patch. |