Update Protection against Apache Struts2 ParametersInterceptor Remote Command Execution Vulnerability
| Check Point Reference: | CPAI-2010-141 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory SA40575 | |
| Industry Reference(s): | CVE-2010-1870 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apache Software Foundation Struts 2.x prior to 2.2.1 OpenSymphony.com XWorks 2.x | ||
| Vulnerability Description A command execution vulnerability exists in the web application framework Apache Struts2, a free and widely-used framework for building Java web-based applications.The vulnerability is due to insufficient input validation in the ParametersInterceptor component when parsing incoming HTTP requests. A remote attacker can leverage this vulnerability by sending a crafted HTTP request to a target system, potentially resulting in remote code execution. |
||
|
Update/Patch Available Vendor's advisory |
|
|
Vulnerability Details The vulnerability is caused due to an error in XWork, which can be exploited to execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions. |
Protection Overview
The protection will detect and block attempts to bypass object access logic in the Struts framework.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.