CVE-2013-4212
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference · www.exploit-db.com/exploits/29859 · unverified
exploitdb · www.exploit-db.com/exploits/29859 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://rollerweblogger.org/project/entry/apache_roller_5_0_2
http://secunia.com/advisories/55862
http://secunia.com/advisories/55877
http://security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/89239
http://www.exploit-db.com/exploits/29859
http://www.osvdb.org/100342