V-162: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

May 23, 2013 - 6:00am

PROBLEM:

A vulnerability has been reported in Apache Struts.

PLATFORM:

The vulnerability is reported in versions prior to 2.3.14.1.

ABSTRACT:

A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.

REFERENCE LINKS:

Secunia Advisory SA53495
Apache Struts Advisory S2-012
Apache Struts Advisory S2-013
CVE-2013-1965
CVE-2013-1966

IMPACT ASSESSMENT:

High

DISCUSSION:

A request that includes a specially crafted request parameter can be used to inject arbitrary OGNL code into the stack. When that value is afterward used as a request parameter of a URL or A tag, it is evaluated a further time.

A request that includes a specially crafted request parameter can be used to inject arbitrary OGNL code into a property. When that property is afterward used as a request parameter of a redirect address, it is evaluated a further time.

IMPACT:

This can allow malicious users to put arbitrary OGNL statements into:

1. Any request parameter (not necessarily managed by the code) and have it evaluated as an OGNL expression to enable method execution and execute arbitrary methods, bypassing Struts and OGNL library protections.

2. Any unsanitized String variable exposed by an action and have it evaluated as an OGNL expression to enable method execution and execute arbitrary methods, bypassing Struts and OGNL library protections.

SOLUTION:

The vendor recommends updating to the current version.
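One way to find deployed copies that predate 2.3.14.1 is to inventory `struts2-core` jars by file name. The script below is an added example, not part of the advisory; it assumes the standard `struts2-core-<version>.jar` naming, and the sample paths are constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 3, 14, 1)  # advisory: versions prior to 2.3.14.1 are affected
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar")

def parse_version(text):
    """'2.3.14.1' -> (2, 3, 14, 1); numeric, so 2.3.4 sorts before 2.3.14."""
    return tuple(int(part) for part in text.split("."))

def is_affected(version, fixed=FIXED):
    """Pad to equal length so 2.3.14 is compared as 2.3.14.0."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)

def classify(path):
    """Return (status, detail) for a struts2-core jar, None for other files."""
    name = Path(path).name
    if not name.startswith("struts2-core-"):
        return None
    match = JAR_RE.fullmatch(name)
    if not match:
        # Qualifier (e.g. -SNAPSHOT) or unusual name: needs a manual look.
        return ("REVIEW", name)
    status = "AFFECTED" if is_affected(parse_version(match.group(1))) else "ok"
    return (status, match.group(1))

def report(paths):
    """Classify every path and keep only the struts2-core jars."""
    rows = []
    for path in paths:
        result = classify(path)
        if result is not None:
            rows.append((result[0], result[1], str(path)))
    return rows

# Constructed sample paths, used when no directory is given on the command line.
SAMPLE = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.3.14.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.3.14.1.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.3.4.1.jar",
    "/opt/app3/WEB-INF/lib/struts2-convention-plugin-2.3.4.1.jar",
    "/opt/app4/WEB-INF/lib/struts2-core-2.3.15-SNAPSHOT.jar",
]

if __name__ == "__main__":
    found = [p for root in sys.argv[1:] for p in Path(root).rglob("*.jar")]
    for status, detail, path in report(found or SAMPLE):
        print(f"{status:8} {detail:12} {path}")
```

The file name is only a first-pass indicator: jars packed inside unexpanded WAR or EAR archives are not visited, and a renamed jar has to be checked against its manifest.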