CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
Affected products
n/a · n/a
Public PoCs found — 4
cve_reference · packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html · unverified
cve_reference · www.exploit-db.com/exploits/14360 · unverified
exploitdb · www.exploit-db.com/exploits/17691 · unverified
exploitdb · www.exploit-db.com/exploits/14360 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16
http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2010/Jul/183
http://seclists.org/fulldisclosure/2020/Oct/23
http://secunia.com/advisories/59110
http://securityreason.com/securityalert/8345
http://struts.apache.org/2.2.1/docs/s2-005.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
http://www.exploit-db.com/exploits/14360
http://www.osvdb.org/66280
http://www.securityfocus.com/bid/41592