Signature Detail
Short Name |
HTTP:APACHE:STRUTS-SECBYPASS |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Struts Improper classLoader Parameter Handling Security Bypass |
Release Date |
2014/04/25 |
Update Number |
2368 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache Struts Improper classLoader Parameter Handling Security Bypass
This signature detects attempts to exploit a known vulnerability against Apache Struts. A successful attack can allow an attacker to bypass the Java security policies and load malicious class files. Successful exploitation of this vulnerability can lead to arbitrary code execution.
References
- BugTraq: 65999
- BugTraq: 67121
- CVE: CVE-2014-0113
- CVE: CVE-2014-0094
- CVE: CVE-2014-0112
- CVE: CVE-2014-0114
- URL: http://struts.apache.org/release/2.3.x/docs/s2-020.html