Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)

Vulnerability
Protection

Check Point Reference:	CPAI-2012-225
Date Published:
Severity:
Source:	Apache Advisory
Industry Reference(s):	CVE-2012-0392
Protection Provided by:	Security Gateway R75
Who is Vulnerable? Apache Software Foundation Struts 2 prior to 2.3.1.1
Vulnerability Description A code execution vulnerability has been reported in Apache Struts 2.

Vulnerability Details
The vulnerability is due to an error resulting in the interpretation of cookie names as OGNL expressions. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable server. Successful exploitation could allow an attacker to execute arbitrary Java code.

Protection Overview
This protection will detect and block attempts to send a malicious HTTP request to the vulnerable server.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

In the IPS tab, click Protections and find the Apache Struts 2 CookieInterceptor OGNL Script Injection protection using the Search tool and Edit the protection's settings.
Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Apache Server Protection Violation
Attack Information: Apache Struts 2 CookieInterceptor OGNL Script Injection

Legal Notice for Threat Center Advisories