|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-05-13 | |
| Rule Name: | Apache Struts OGNL Remote Code Execution Vulnerability (CVE-2019-0230) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | CVE-2019-0230 is a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability that occurs when Struts tries to perform an evaluation of raw user input inside of tag attributes. An attacker could exploit this vulnerability by injecting malicious OGNL expressions into an attribute used within an OGNL expression. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://struts.apache.org/announce.html https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7 https://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html https://cwiki.apache.org/confluence/display/ww/s2-059 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://cwiki.apache.org/confluence/display/ww/s2-059 |