9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Recently, from the bucket as technology Tophant security researcher icez found Struts2 showcase application in the presence of a remote code execution high-risk vulnerabilities. Struts2 official has confirmed the vulnerability, the vulnerability number S2-048, CVE number: CVE-2017-9791, the vulnerability degree of harm for high-risk(High).
Vulnerability number
CVE-2017-9791
S2-048
! [](/Article/UploadPic/2017-7/201778113815603. png? www. myhack58. com)
Vulnerability
Struts 2.3. x series the Showcase application
It is worth mentioning that the showcase refers to an application, usually in the path \struts-2.3. x\apps\struts2-showcase. war exists, if on the server and not installed the application is not subject to the vulnerability.
Vulnerability overview
Apache Struts is a United States ApacheοΌthe Apache Software Foundation is responsible for the maintenance of an open source project, is used to create enterprise-class Java Web application open source MVC framework. In Struts 2.3. x series the Showcase application demo Struts2 integration of the Struts 1 Plug-in there is a arbitrary code execution vulnerability. When your app uses Struts2 Struts1 plugin, it may lead to untrusted input passed to the ActionMessage class in the lead to command execution.
Solutions
To ActionMessage passes the original message using the following resource key value, donβt directly pass the original value
messages. add(βmsgβ, new ActionMessage(βstruts1. gangsterAddedβ, gform. getName()));
The value should not be the case:
messages. add(βmsgβ, new ActionMessage(βGangsterβ + gform. getName() + βwas addedβ));
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%