Vigil@nce - Apache Struts: code execution via TextParseUtil/ActionSupport
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a vulnerability in TextParseUtil.translateVariables
of Apache Struts, in order to run code.
Impacted products: Struts.
Severity: 2/4.
Creation date: 01/03/2016.
DESCRIPTION OF THE VULNERABILITY
The Apache Struts product uses OGNL (Object-Graph Navigation
Language).
The TextParseUtil.translateVariables() and ActionSupport.getText()
methods evaluate their parameter using OGNL. However, if this
string contains code, it is executed.
An attacker can therefore send malicious data to an Apache Struts
application using some methods of TextParseUtil/ActionSupport, in
order to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN