2 matches found
Apache Struts2 'XSLTResult.java'远程任意文件上传漏洞
BUGTRAQ ID: 52702 Apache Struts是一款开发Java Web应用程序的开源Web应用框架。 Apache Struts在实现上存在安全漏洞,攻击者可利用此漏洞在网络服务器进程中运行上传的脚本代码,导致非法访问或权限提升。 0 Struts 2.x 厂商补丁: Apache Group ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://httpd.apache.org/ ?xml version="1.0" encoding="UTF-8" ? xsl:stylesheet...
Apache Struts 2.0 - XSLTResult.java Arbitrary File Upload
Apache Struts 2.0 - XSLTResult.java Arbitrary File Upload source: https://www.securityfocus.com/bid/52702/info Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to upload arbitrar...