| Rule General Information | |
|---|---|
| Release Date | 2022-07-12 |
| Rule Name | Struts2 Remote Code Execution Vulnerability (S2-052) |
| Severity | |
| CVE ID | |
| Rule Protection Details | |
|---|---|
| Description | When the struts2-rest-plugin is enabled and an HTTP request carries `Content-Type: application/xml`, the plugin hands the request body to XStreamHandler, which creates an XStream instance and deserializes the XML into Java objects. The affected versions place no restriction on the types XStream may instantiate, so the request body can name arbitrary classes from the server's classpath; deserializing a suitably crafted object graph leads to remote command execution. |
| Impact | An attacker who successfully exploits this issue can execute arbitrary code with the privileges of the vulnerable application. |
| Affected OS | Windows, Linux, Others |
| Reference | |
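The following is an added example, not code from this rule page or from the Struts or XStream projects. It contrasts the behaviour the description above relies on (an XStream instance that will build any class named in the request body) with an allow-listed configuration that rejects everything except the types the endpoint is meant to accept. The `Order` class is a hypothetical request type, and the two request bodies are constructed for the example, not captured traffic; it assumes XStream is on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamHandlerDemo {

    /** Hypothetical request type that the REST endpoint is meant to accept. */
    public static class Order {
        public String sku;
        public int quantity;
    }

    /**
     * Pre-fix behaviour: a bare XStream instance with no type restriction.
     * Reproducing it needs an XStream release older than 1.4.18; newer releases
     * deny unlisted types by default and would reject the second body below.
     */
    static XStream unrestricted() {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs;
    }

    /** Hardened handler: deny everything, then re-admit only what the endpoint needs. */
    static XStream restricted() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // start from deny-all
        xs.addPermission(NullPermission.NULL);                // permit null references
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, boolean, ...
        xs.allowTypes(new Class[] { String.class, Order.class });
        xs.alias("order", Order.class);
        return xs;
    }

    /** Returns the class XStream instantiated for the body, or null if the body was rejected. */
    static Class<?> classCreatedBy(XStream xs, String body) {
        try {
            return xs.fromXML(body).getClass();
        } catch (ForbiddenClassException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed request bodies: one legitimate, one that names a JDK class the
        // endpoint never meant to deserialize. Instantiating ProcessBuilder here runs
        // nothing; the point is that the parser is willing to build it at all.
        String legit = "<order><sku>ABC-1</sku><quantity>2</quantity></order>";
        String arbitrary = "<java.lang.ProcessBuilder><command><string>id</string></command>"
                         + "</java.lang.ProcessBuilder>";

        System.out.println("unrestricted, legit     -> " + classCreatedBy(unrestricted(), legit));
        System.out.println("unrestricted, arbitrary -> " + classCreatedBy(unrestricted(), arbitrary));
        System.out.println("restricted,   legit     -> " + classCreatedBy(restricted(), legit));
        System.out.println("restricted,   arbitrary -> " + classCreatedBy(restricted(), arbitrary));
    }
}
```

With an old XStream, the unrestricted instance reports `java.lang.ProcessBuilder` for the second body, which is exactly the precondition the rule description names: the handler instantiates whatever class the client writes into the XML. The restricted instance returns the `Order` class for the first body and null for the second, because every type outside the allow list raises `ForbiddenClassException` before any object is built.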
| Solutions |
|---|
| Upgrade Apache Struts to 2.5.13 or 2.3.34, in which the REST plugin restricts the types XStream is allowed to instantiate. Where an upgrade is not immediately possible, remove the REST plugin if it is not needed, or keep it from handling XML at all by limiting the accepted extensions to normal pages and JSON (the upstream advisory's workaround sets the `struts.action.extension` constant to `xhtml,,json`). |