Signature Detail

HTTP: Apache Struts2 ParametersInterceptor Remote Command Execution

This signature detects attempts to exploit a known vulnerability against Apache Struts2. A successful attack can lead to arbitrary code execution.

Extended Description

XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. This issue is related to the vulnerability documented in BID 32101 (XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete.

Affected Products

• Apache Software Foundation Struts 2.0.0
• Apache Software Foundation Struts 2.0.1
• Apache Software Foundation Struts 2.0.11.1
• Apache Software Foundation Struts 2.0.11 .2
• Apache Software Foundation Struts 2.0.12
• Apache Software Foundation Struts 2.0.2
• Apache Software Foundation Struts 2.0.3
• Apache Software Foundation Struts 2.0.4
• Apache Software Foundation Struts 2.0.5
• Apache Software Foundation Struts 2.0.6
• Apache Software Foundation Struts 2.0.7
• Apache Software Foundation Struts 2.0.8
• Apache Software Foundation Struts 2.0.9
• Apache Software Foundation Struts 2.1.0
• Apache Software Foundation Struts 2.1.1
• Apache Software Foundation Struts 2.1.8
• Apache Software Foundation Struts 2.1.8.1
• Atlassian Crucible 2.2.3
• Atlassian Crucible 2.3.2
• Atlassian Fisheye 2.2.3
• Atlassian Fisheye 2.3.4
• OpenSymphony XWork 2.0.1
• OpenSymphony XWork 2.0.2
• OpenSymphony XWork 2.0.3
• OpenSymphony XWork 2.0.4
• OpenSymphony XWork 2.0.5
• OpenSymphony XWork 2.0.6
• OpenSymphony XWork 2.1.0
• OpenSymphony XWork 2.1.5
• VMWare vCenter Orchestrator 4.0
• VMWare vCenter Orchestrator 4.1

References

• BugTraq: 41592
• CVE: CVE-2010-1870
• URL: http://struts.apache.org/2.1.8.1/docs/version-notes-221.html