Security for everyone

CVE-2007-4556 Scanner

Detects the 'Code Execution' vulnerability in Apache Software Foundation Struts, which affects versions before 1.2.3, and 2.x before 2.0.4.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Url

Parent Category

CVE-2007-4556 Scanner Detail

Struts is an open-source web application framework that is used to develop Java EE web applications. The framework is designed to simplify the development of web applications by providing pre-built components for common tasks such as form handling, validation, and database access. Struts is widely used across the industry and is considered one of the most popular web application frameworks.

One of the vulnerabilities detected in the Struts software is CVE-2007-4556. It exists in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, which is used in WebWork and Apache Struts. When altSyntax is enabled, the software recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression. This allows an attacker to execute arbitrary code or cause a denial of service (infinite loop) by using a form input that begins with a "%{" sequence and ends with a "}" character.
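A defensive check for the input pattern described above, as an added example that is not part of the original page or of the scanner: it flags query or form parameters whose decoded value begins with "%{" and ends with "}". The function names, the sample requests and the repeated-decoding step are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Trigger described above: a value that begins with "%{" and ends with "}".
OGNL_WRAPPED = re.compile(r"^\s*%\{.*\}\s*$", re.DOTALL)
# Assumption: a proxy or filter in front of the application may decode again,
# so a few leftover layers of percent-encoding are undone before matching.
MAX_DECODE_ROUNDS = 3


def normalize(value):
    """Undo leftover layers of percent-encoding so '%257B' is seen as '{'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_ognl_params(request_target, form_body=""):
    """Return (source, name, value) for each parameter wrapped in %{...}."""
    hits = []
    sources = (("query", urlsplit(request_target).query), ("body", form_body))
    for source, encoded in sources:
        # keep_blank_values so empty fields are inspected like any other field
        for name, value in parse_qsl(encoded, keep_blank_values=True):
            clean = normalize(value)
            if OGNL_WRAPPED.match(clean):
                hits.append((source, name, clean))
    return hits


# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    ("/register.action?lang=en", "name=alice&email=a%40example.org"),
    ("/register.action", "name=%25%7B1%2B1%7D&email=a%40example.org"),
    ("/search.action?q=%2525%257B1%252B1%257D", ""),
    ("/search.action?q=100%25+off+%7Bsale%7D", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target, "->", flag_ognl_params(target, body) or "clean")
```

A hit shows only that a request carried the wrapped-expression pattern; whether the application is affected still depends on the XWork version and on altSyntax being enabled.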

This vulnerability can lead to serious consequences if it is exploited by an attacker. By executing arbitrary code, an attacker can gain unauthorized access to the system and steal sensitive data or perform other malicious activities. A denial of service attack can also cripple the system and render it unusable for an extended period of time, resulting in significant financial and reputation losses for the affected organization.

Thanks to the pro features of the securityforeveryone.com platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. With access to advanced security tools and actionable insights, organizations can stay ahead of emerging threats and protect their critical assets from cyber attacks. By partnering with securityforeveryone.com, organizations can ensure that their digital assets are secure and protected from cyber attacks.

 
