2 results (0.010 seconds)

CVSS: 5.0EPSS: 1%CPEs: 20EXPL: 4

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character. ParametersInterceptor en OpenSymphony XWork 2.0.x antes de 2.0.6 y 2.1.x antes de 2.1.2, tal como se utiliza en Apache Struts y otros productos, no restringe adecuadamente las referencias # (almohadilla) a objetos de contexto, lo que permite a atacantes remotos ejecutar sentencias OGNL (Object-Graph Navigation Language) y modificar los objetos del contexto del lado del servidor contexto objetos, como lo demuestra el uso de una representación \u0023 del carácter #. • https://www.exploit-db.com/exploits/32564 http://fisheye6.atlassian.com/cru/CR-9 http://issues.apache.org/struts/browse/WW-2692 http://jira.opensymphony.com/browse/XW-641 http://osvdb.org/49732 http://secunia.com/advisories/32495 http://secunia.com/advisories/32497 http://struts.apache.org/2.x/docs/s2-003.html http://www.securityfocus.com/bid/32101 http://www.vupen.com/english/advisories/2008/3003 http://www.vupen.com/english/advisories/2008/3004 https:&# • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 17%CPEs: 2EXPL: 0

Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character. Struts apoyado en OpenSymphony XWork anterior a 1.2.3, y 2.x anterior a 2.0.4, tal y como se utiliza en WebWork y Apache Struts, recursivamente evalua todas las entradas como una expresión Object-Graph Navigation Language (OGNL) cuando altSyntax está activado, lo cual permite a atacantes remotos provocar denegación de servicio (bucle infinito) o ejecutar código de su elección a través de un formulario de entradad comenzando con una secuencia "%{" y finalizando con un caracter "}". • http://forums.opensymphony.com/ann.jspa?annID=54 http://issues.apache.org/struts/browse/WW-2030 http://jira.opensymphony.com/browse/XW-544 http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050&styleName=Html&version=21701 http://jira.opensymphony.com/secure/ReleaseNote.jspa?projectId=10050&styleName=Html&version=21706 http://osvdb.org/37072 http://secunia.com/advisories/26681 http://secunia.com/advisories/26693 http://secunia.com/advisories/26694 http://struts.apache.org/2&# •