Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS14NWZjLXBncHgtNTlqNc32hw

Server side object manipulation in Apache Struts

OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in S2-003, but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.

Permalink: https://github.com/advisories/GHSA-x5fc-pgpx-59j5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NWZjLXBncHgtNTlqNc32hw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 8 months ago

Identifiers: GHSA-x5fc-pgpx-59j5, CVE-2010-1870
References:

• https://nvd.nist.gov/vuln/detail/CVE-2010-1870
• http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
• http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16
• http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
• http://seclists.org/fulldisclosure/2010/Jul/183
• http://seclists.org/fulldisclosure/2020/Oct/23
• http://struts.apache.org/2.2.1/docs/s2-005.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
• https://cwiki.apache.org/confluence/display/WW/S2-003
• https://github.com/advisories/GHSA-x5fc-pgpx-59j5

Blast Radius: 0.0

Affected Packages