SecurityTracker Archives

Category:   Application (Generic)  >   Apache Struts
Vendors:   Apache Software Foundation
Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
SecurityTracker Alert ID:  1028865
SecurityTracker URL:  http://securitytracker.com/id/1028865
CVE Reference:   CVE-2013-2248, CVE-2013-2251
Date:  Aug 1 2013
Impact:   Disclosure of system information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2.0.0 - 2.3.15
Description:   Two vulnerabilities were reported in Apache Struts. A remote user can execute arbitrary code on the target system. A remote user can conduct URL redirection attacks.

A remote user can submit a URL with specially crafted 'action:', 'redirect:' or 'redirectAction:' parameter values to cause the system to evaluate the values as an OGNL expression and potentially execute arbitrary code on the target system [CVE-2013-2251].

A demonstration exploit URL is provided:

http://[target]/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}

A remote user can create a URL with specially crafted 'redirect:' or 'redirectAction:' parameter values that, when loaded by the target user, will redirect the target user's browser to an arbitrary site [CVE-2013-2248].

A demonstration exploit URL is provided:

http://[target]/struts2-showcase/fileupload/upload.action?redirect:http://[attacker]/
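Defensive counterpart to the two demonstration URLs above, added here as an example and not part of the SecurityTracker entry or of Apache Struts itself: a scanner over web-server access logs that flags requests carrying the 'action:', 'redirect:' or 'redirectAction:' parameter prefixes and grades each hit by whether the payload is an OGNL expression (the S2-016 pattern) or an external redirect target (the S2-017 pattern). The log lines, client addresses, hosts and paths are constructed samples.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter-name prefixes that Struts 2.0.0 - 2.3.15 treated as navigation instructions.
# 'action:' and 'redirectAction:' values were evaluated as OGNL (S2-016, CVE-2013-2251);
# 'redirect:' values became redirect targets (S2-017, CVE-2013-2248).
PREFIXES = ("redirectAction:", "redirect:", "action:")
OGNL_MARKER = re.compile(r"[%$]\{")                              # %{...} / ${...} expression syntax
ABSOLUTE_URL = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)   # scheme://host or //host
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/\d\.\d"')

# Constructed sample lines in combined log format (hosts, paths and addresses are placeholders).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Aug/2013:10:15:32 +0000] "GET /struts2-blank/example/X.action'
    '?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]'
    '{\'command\',\'goes\',\'here\'})).start()} HTTP/1.1" 200 512 "-" "curl/7.29"',
    '198.51.100.7 - - [01/Aug/2013:10:15:40 +0000] "GET /struts2-showcase/fileupload/'
    'upload.action?redirect:http://attacker.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Aug/2013:10:16:01 +0000] "GET /app/list.action?page=2 HTTP/1.1"'
    ' 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Aug/2013:10:16:05 +0000] "POST /app/edit.action?action:save HTTP/1.1"'
    ' 200 1024 "-" "Mozilla/5.0"',
]

def classify_request(target):
    """Return (severity, prefix, payload) for every prefixed parameter in one request target."""
    findings = []
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        prefix = next((p for p in PREFIXES if key.startswith(p)), None)
        if prefix is None:
            continue
        # parse_qsl percent-decodes once, so a raw '%25{' in the log becomes '%{' here.
        payload = key[len(prefix):] + (f"={value}" if value else "")
        if OGNL_MARKER.search(payload):
            severity = "high"     # OGNL expression smuggled through the prefix (S2-016 pattern)
        elif ABSOLUTE_URL.match(payload):
            severity = "medium"   # external redirect target (S2-017 pattern)
        else:
            severity = "low"      # prefix without an expression, e.g. a Struts form submit button
        findings.append((severity, prefix, payload))
    return findings

def scan_access_log(lines):
    """Return (line_number, severity, prefix, payload) for each hit in a combined-format log."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        if m:
            hits.extend((n, *finding) for finding in classify_request(m.group(1)))
    return hits

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Low-severity hits are expected from legitimate Struts forms, so alert on high and medium only and treat 'low' as an inventory of where the prefixes are still accepted.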

Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can conduct URL redirection attacks.

Solution:   The vendor has issued a fix (2.3.15.1).

The vendor's advisory is available at:

http://struts.apache.org/release/2.3.x/docs/s2-016.html
http://struts.apache.org/release/2.3.x/docs/s2-017.html

Vendor URL:  struts.apache.org/release/2.3.x/docs/s2-016.html
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 16 2013 (Oracle Issues Fix for Oracle Financial Services) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Oracle has issued a fix for Oracle Financial Services.
Apr 21 2014 (Apache Issues Fix for Apache Archiva) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Apache has issued a fix for Apache Archiva.
Jun 13 2014 (Apache Issues Fix for Apache Continuum) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Apache has issued a fix for Apache Continuum.
Oct 15 2015 (Cisco Issues Fix for Cisco Identity Services Engine) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Cisco has issued a fix for Cisco Identity Services Engine.
Oct 15 2015 (Cisco Issues Fix for Cisco Media Experience Engine) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Cisco has issued a fix for Cisco Media Experience Engine.
Oct 15 2015 (Cisco Issues Fix for Cisco Unified Contact Center) Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
Cisco has issued a fix for Cisco Unified Contact Center.

Source Message Contents

[Original Message Not Available for Viewing]
Copyright 2019, SecurityGlobal.net LLC