logo
DATABASE RESOURCES PRICING ABOUT US

Apache Struts 2 ConversionErrorInterceptor Java Injection

Description

Added: 08/02/2012 CVE: [CVE-2012-0391](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391>) OSVDB: [78277](<http://www.osvdb.org/78277>) ### Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. ### Problem Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities. Struts 2 versions prior to 2.2.3.1 do not properly delegate exceptions when assigning values to properties. If a type occurs, Struts 2 may allow the OGNL values to be interpreted as Java code. ### Resolution Upgrade to [Struts 2.2.3.1](<http://struts.apache.org/download.cgi#struts2231>) or later. ### References <http://struts.apache.org/2.x/docs/version-notes-2311.html> <https://issues.apache.org/jira/browse/WW-3668> <https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt> ### Limitations This exploit has been tested against Apache Software Foundation Struts 2.2.1 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut). The executable `smbclient` must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The smb password is not allowed to contain single quotes ('). ### Platforms Windows


Related