CVE-2010-1870
EPSS 92.5%Server side object manipulation in Apache Struts
Published: 5/13/2022Modified: 12/2/2024
Description
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in [S2-003](https://cwiki.apache.org/confluence/display/WW/S2-003), but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.
Affected packages (1)
- Maven/org.apache.struts:struts2-corefrom 0, < 2.2.1
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-1870
- PATCHhttps://github.com/apache/struts
- WEBhttp://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
- WEBhttp://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16
- WEBhttp://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
- WEBhttps://cwiki.apache.org/confluence/display/WW/S2-003
- WEBhttp://seclists.org/fulldisclosure/2010/Jul/183
- WEBhttp://seclists.org/fulldisclosure/2020/Oct/23
- WEBhttp://struts.apache.org/2.2.1/docs/s2-005.html
- WEBhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2