CVE-2019-0230 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Apache Software Foundation Struts affects v. 2.0.0 to 2.5.20.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2019-0230 Scanner Detail
Apache Struts is an open-source framework that is used to develop Java web applications. It follows the Model-View-Controller (MVC) architectural pattern and provides a set of reusable components and tools that simplify the development process. The framework is widely popular among Java developers due to its flexibility and ease of use.
CVE-2019-0230 is a vulnerability that was recently detected in Apache Struts. This security flaw exists in versions 2.0.0 to 2.5.20 and can be exploited to execute malicious code remotely. The root cause of the vulnerability lies in how the framework handles user input in tag attributes, allowing for double evaluation of the Object-Graph Navigation Language (OGNL) expression.
If exploited, this vulnerability can lead to various security issues, such as unauthorized access to sensitive data, remote code execution, and system hijacking. Attackers can take advantage of the vulnerability to execute their own code on the server. This can result in the attacker gaining full control of the system, stealing confidential information, modifying data, or even installing malware.
Securityforeveryone.com is a platform that provides comprehensive security solutions for organizations of all sizes. With its Pro Features, users can quickly and easily identify vulnerabilities in their digital assets and take informed actions to protect against them. By leveraging the platform's advanced features, businesses can ensure the security and integrity of their web applications and safeguard against the latest threats.
REFERENCES
- http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
- http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
- https://cwiki.apache.org/confluence/display/ww/s2-059
- https://launchpad.support.sap.com/#/notes/2982840
- https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
- https://www.oracle.com/security-alerts/cpujan2021.html
control security posture