Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Struts ‘includeParams’安全绕过漏洞
Vulnerability Description
Apache Struts是美国阿帕奇(Apache)软件基金会负责维护的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。 Apache Struts 2.0.0至2.3.14.1版本中存在安全绕过漏洞,该漏洞源于程序没有充分处理用户提供的输入。攻击者可利用该漏洞以运行应用程序的用户权限控制服务器端的上下文对象,控制应用程序和底层计算机。
CVSS Information
N/A
Vulnerability Type
N/A