Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)
|Check Point Reference:||CPAI-2012-225|
|Protection Provided by:||
Who is Vulnerable?
Apache Software Foundation Struts 2 prior to 22.214.171.124
A code execution vulnerability has been reported in Apache Struts 2.
The vulnerability is due to an error resulting in the interpretation of cookie names as OGNL expressions. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server. Successful exploitation could allow an attacker to execute arbitrary Java code.
This protection will detect and block attempts to send a malicious HTTP request to the vulnerable server.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Apache Struts 2 CookieInterceptor OGNL Script Injection protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Apache Server Protection Violation
Attack Information: Apache Struts 2 CookieInterceptor OGNL Script Injection