Vigil@nce - Apache Struts: internal manipulation via ValueStack top
November 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious query to Apache Struts, in order
to manipulate the internal state of the application.
Impacted products: Struts.
Severity: 2/4.
Creation date: 25/09/2015.
DESCRIPTION OF THE VULNERABILITY
The Apache Struts product uses ValueStack to store objects
specific to an application.
The object "top" represents the root, and contains sensitive
properties: dojo, struts, session, request, response, application,
servletRequest, servletResponse, servletContext, parameters,
context, _memberAccess.
However, an attacker can use "top" in a query parameter, in order
to access to these properties.
An attacker can therefore use a malicious query to Apache Struts,
in order to manipulate the internal state of the application.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-Struts-internal-manipulation-via-ValueStack-top-17977