Description

The default upload mechanism in Apache Struts 2 is based on Commons FileUpload version 1.3 which is vulnerable and allows DoS attacks. Additional ParametersInterceptor allows access to 'class' parameter which is directly mapped to getClass() method and allows ClassLoader manipulation.

Remediation

Upgrade to Struts 2.3.16.2.

References

Apache Struts S2-020

Related Vulnerabilities

WordPress Plugin Divi Builder PHP Code Injection (4.0.9)

Java Debug Wire Protocol remote code execution

WordPress OptimizePress unrestricted file upload

WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)

timthumb.php remote code execution

Severity

High

Classification

CVE-2014-0094 CVE-2014-0050 CWE-701 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Denial Of Service