[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] CVE-2010-1870: Struts2 remote commands execution
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] CVE-2010-1870: Struts2 remote commands execution
- From: Meder Kydyraliev <meder@xxxxxx>
- Date: Tue, 13 Jul 2010 12:54:27 +0200
Struts2, Java web framework, is vulnerable to remote commands execution due
to a vulnerability in XWork's ParametersInterceptor, which is enabled by
default in Struts2 and WebWork applications. Full vulnerability details and
mitigation recommendations are available here:
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
Cheers,
Meder
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/