Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:APACHE:STRUTS2-OGNL-CE

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Apache Struts 2 ParametersInterceptor OGNL Command Execution

Release Date

 2012/03/29

Update Number

 2108

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Struts 2 ParametersInterceptor OGNL Command Execution


This signature detects attempts to exploit a known vulnerability in Apache Struts 2. A successful attack will result in the execution of command in the security context of the affected web application server.

Extended Description

Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. This issue is related to the vulnerability documented in BID 32101(XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability). Apache Struts versions 2.0.0 through 2.3.1.1 are vulnerable.

Affected Products

  • Apache Software Foundation Struts 2.0.0
  • Apache Software Foundation Struts 2.0.1
  • Apache Software Foundation Struts 2.0.10
  • Apache Software Foundation Struts 2.0.11
  • Apache Software Foundation Struts 2.0.11.1
  • Apache Software Foundation Struts 2.0.11 .2
  • Apache Software Foundation Struts 2.0.12
  • Apache Software Foundation Struts 2.0.13
  • Apache Software Foundation Struts 2.0.14
  • Apache Software Foundation Struts 2.0.2
  • Apache Software Foundation Struts 2.0.3
  • Apache Software Foundation Struts 2.0.4
  • Apache Software Foundation Struts 2.0.5
  • Apache Software Foundation Struts 2.0.6
  • Apache Software Foundation Struts 2.0.7
  • Apache Software Foundation Struts 2.0.8
  • Apache Software Foundation Struts 2.0.9
  • Apache Software Foundation Struts 2.1.0
  • Apache Software Foundation Struts 2.1.1
  • Apache Software Foundation Struts 2.1.2
  • Apache Software Foundation Struts 2.1.3
  • Apache Software Foundation Struts 2.1.4
  • Apache Software Foundation Struts 2.1.5
  • Apache Software Foundation Struts 2.1.6
  • Apache Software Foundation Struts 2.1.8
  • Apache Software Foundation Struts 2.1.8
  • Apache Software Foundation Struts 2.1.8.1
  • Apache Software Foundation Struts 2.1.8.1
  • Apache Software Foundation Struts 2.2.0
  • Apache Software Foundation Struts 2.2.1
  • Apache Software Foundation Struts 2.2.1.1
  • Apache Software Foundation Struts 2.2.3
  • Apache Software Foundation Struts 2.2.3.1
  • Apache Software Foundation Struts 2.3.1.1

References

  • BugTraq: 51628
  • CVE: CVE-2011-3923

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out