Full Disclosure mailing list archives
CVE-2010-1870: Struts2 remote commands execution
From: Meder Kydyraliev <meder () o0o nu>
Date: Tue, 13 Jul 2010 12:54:27 +0200
Struts2, Java web framework, is vulnerable to remote commands execution due to a vulnerability in XWork's ParametersInterceptor, which is enabled by default in Struts2 and WebWork applications. Full vulnerability details and mitigation recommendations are available here: http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html Cheers, Meder
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CVE-2010-1870: Struts2 remote commands execution Meder Kydyraliev (Jul 13)