The official link is as follows:
https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

Recently, as expected, Struts2 was once again found to have an RCE vulnerability [S2-061 Struts remote code execution vulnerability (CVE-2020-17530)].
Every time a Struts2 RCE vulnerability breaks out, I think it would be nice if there were one place to look over all of Struts2's historical vulnerabilities. Searching the web turned up nothing, so I dug through the Struts2 official site and finally found the content I needed.

As of the time this article was published, all Struts2 vulnerabilities disclosed so far are listed below:

S2-001 — Remote code exploit on form validation error
S2-002 — Cross site scripting (XSS) vulnerability on <s:url> and <s:a> tags
S2-003 — XWork ParameterInterceptors bypass allows OGNL statement execution
S2-004 — Directory traversal vulnerability while serving static content
S2-005 — XWork ParameterInterceptors bypass allows remote command execution
S2-006 — Multiple Cross-Site Scripting (XSS) in XWork generated error pages
S2-007 — User input is evaluated as an OGNL expression when there's a conversion error
S2-008 — Multiple critical vulnerabilities in Struts2
S2-009 — ParameterInterceptor vulnerability allows remote command execution
S2-010 — When using Struts 2 token mechanism for CSRF protection, token check may be bypassed by misusing known session attributes
S2-011 — Long request parameter names might significantly promote the effectiveness of DOS attacks
S2-012 — Showcase app vulnerability allows remote command execution
S2-013 — A vulnerability, present in the includeParams attribute of the URL and Anchor Tag, allows remote command execution
S2-014 — A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks
S2-015 — A vulnerability introduced by wildcard matching mechanism or double evaluation of OGNL Expression allows remote command execution.
S2-016 — A vulnerability introduced by manipulating parameters prefixed with "action:"/"redirect:"/"redirectAction:" allows remote command execution
S2-017 — A vulnerability introduced by manipulating parameters prefixed with "redirect:"/"redirectAction:" allows for open redirects
S2-018 — Broken Access Control Vulnerability in Apache Struts2
S2-019 — Dynamic Method Invocation disabled by default
S2-020 — Upgrade Commons FileUpload to version 1.3.1 (avoids DoS attacks) and adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)
S2-021 — Improves excluded params in ParametersInterceptor and CookieInterceptor to avoid ClassLoader manipulation
S2-022 — Extends excluded params in CookieInterceptor to avoid manipulation of Struts' internals
S2-023 — Generated value of token can be predictable
S2-024 — Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker
S2-025 — Cross-Site Scripting Vulnerability in Debug Mode and in exposed JSP files
S2-026 — Special top object can be used to access Struts' internals
S2-027 — TextParseUtil.translateVariables does not filter malicious OGNL expressions
S2-028 — Use of a JRE with broken URLDecoder implementation may lead to XSS vulnerability in Struts 2 based web applications.
S2-029 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
S2-030 — Possible XSS vulnerability in I18NInterceptor
S2-031 — XSLTResult can be used to parse arbitrary stylesheet
S2-032 — Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.
S2-033 — Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled.
S2-034 — OGNL cache poisoning can lead to DoS vulnerability
S2-035 — Action name clean up is error prone
S2-036 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
S2-037 — Remote Code Execution can be performed when using REST Plugin.
S2-038 — It is possible to bypass token validation and perform a CSRF attack
S2-039 — Getter as action method leads to security bypass
S2-040 — Input validation bypass using existing default action method.
S2-041 — Possible DoS attack when using URLValidator
S2-042 — Possible path traversal in the Convention plugin
S2-043 — Using the Config Browser plugin in production
S2-044 — Possible DoS attack when using URLValidator
S2-045 — Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
S2-046 — Possible RCE when performing file upload based on Jakarta Multipart parser (similar to S2-045)
S2-047 — Possible DoS attack when using URLValidator (similar to S2-044)
S2-048 — Possible RCE in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series
S2-049 — A DoS attack is available for Spring secured actions
S2-050 — A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)
S2-051 — A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin
S2-052 — Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads
S2-053 — A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals
S2-054 — A crafted JSON request can be used to perform a DoS attack when using the Struts REST plugin
S2-055 — A RCE vulnerability in the Jackson JSON library
S2-056 — A crafted XML request can be used to perform a DoS attack when using the Struts REST plugin
S2-057 — Possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn’t have value and action set and in same time, its upper package have no or wildcard namespace.
S2-058 — Previous Security Bulletins contained incorrect affected release version ranges.
S2-059 — Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
S2-060 — Access permission override causing a Denial of Service when performing a file upload
S2-061 — Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution - similar to S2-059.
