Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

CVE-2010-1870: Struts2 remote commands execution
From: Meder Kydyraliev <meder () o0o nu>
Date: Tue, 13 Jul 2010 12:54:27 +0200

Struts2, Java web framework, is vulnerable to remote commands execution due
to a vulnerability in XWork's ParametersInterceptor, which is enabled by
default in Struts2 and WebWork applications. Full vulnerability details and
mitigation recommendations are available here:
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html

Cheers,
Meder
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • CVE-2010-1870: Struts2 remote commands execution Meder Kydyraliev (Jul 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault